find-services

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple openspend CLI commands, including version checks, identity verification, and marketplace searches.
  • [COMMAND_EXECUTION]: Includes the command openspend auth login -y, which performs automated authentication by bypassing confirmation prompts, potentially modifying the environment's security session or credentials.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted data from an external marketplace search.
    • Ingestion points: Output from the openspend search --json command.
    • Boundary markers: Absent; the skill does not use delimiters or instructions to distinguish marketplace data from core agent instructions.
    • Capability inventory: The skill uses shell execution via the openspend CLI tool.
    • Sanitization: No validation or sanitization of the search results is performed before they are incorporated into the agent context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 04:18 AM