compliance-testing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill creates a significant attack surface by processing untrusted external content while retaining state-changing capabilities such as account deletion.
    • Ingestion points: Untrusted content enters via api.get responses, db.raw query results, and files retrieved from downloadUrl.
    • Boundary markers: No explicit instruction delimiters or "ignore embedded instructions" warnings are present in the skill's logic.
    • Capability inventory: The agent has access to api.delete (destructive), api.post (state-changing), and db.raw (database modification).
    • Sanitization: No sanitization or validation of external data is performed before it is used to influence agent decisions or downstream actions.
  • External Downloads (MEDIUM): The downloadFile function is called with a URL dynamically retrieved from an external API (response.data.downloadUrl). A compromised data source can therefore force the agent to download, and potentially process, malicious payloads.
  • Dynamic Execution (LOW): The skill uses db.raw to execute database queries. While the examples show basic parameterization, raw SQL executed by an agent increases the risk of SQL injection if the agent is directed to construct more complex queries from unsanitized external inputs.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:33 PM