shipp
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes real-time event data from external API endpoints, which presents a surface for indirect prompt injection. Content within the external data stream could potentially be crafted to influence the agent's behavior.\n
- Ingestion points: The skill retrieves dynamic content via
https://api.shipp.ai/api/v1/connections/{connectionId}andhttps://api.shipp.ai/api/v1/sports/{sport}/schedule.\n - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are implemented in the skill's data handling definitions.\n
- Capability inventory: The skill utilizes
curlfor network communication andjqfor processing JSON payloads.\n - Sanitization: The skill does not define specific sanitization or isolation logic to prevent the model from interpreting retrieved data as instructions.\n- [EXTERNAL_DOWNLOADS]: The skill is configured to fetch data and documentation from the vendor's official API and documentation domains.\n
- Evidence: The
allowed-toolssection grants access tohttps://api.shipp.ai/*,https://docs.shipp.ai/*, andhttps://platform.shipp.ai/*usingcurl.
Audit Metadata