oxylabs-proxies
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEDATA_EXFILTRATION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill performs network operations to 'oxylabs.io' and 'ip.oxylabs.io', which are not on the trusted whitelist for exfiltration analysis. Evidence: Multiple code examples in 'examples.md' utilize HTTP clients like 'requests', 'axios', and 'curl' to connect to these endpoints.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest data from external URLs, creating a vulnerability surface for indirect prompt injection. Ingestion points: Data enters the context via 'response.text' (Python), 'response.data' (Node.js), and 'io.ReadAll(resp.Body)' (Go) in 'examples.md'. Boundary markers: Absent; the code does not include delimiters or instructions to the agent to ignore embedded instructions in fetched content. Capability inventory: The skill utilizes network-read capabilities across various scripts to fetch external data. Sanitization: Absent; fetched content is processed directly without validation or escaping.
- [Credentials Unsafe] (SAFE): The skill follows security best practices by using environment variables ('OXY_DC_USERNAME', 'OXY_DC_PASSWORD') instead of hardcoded secrets.
Audit Metadata