pachca-profile
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Employs curl to perform REST API operations against api.pachca.com. These actions are restricted to the vendor's domain and align with the skill's documented functionality.
- [EXTERNAL_DOWNLOADS]: Retrieves user data and metadata from the official Pachca API. These references are to a well-known and trusted service provider.
- [PROMPT_INJECTION]: Ingests potentially untrusted data from API responses, creating an indirect prompt injection surface.
- Ingestion points: Responses from /profile and /custom_properties endpoints.
- Boundary markers: None defined to delineate API content from instructions.
- Capability inventory: Limited to making curl requests to the vendor's API.
- Sanitization: No validation or sanitization is performed on the incoming data.
Audit Metadata