huly-api
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted chat messages from the Huly platform, which constitutes an indirect prompt injection surface.
  - Ingestion points: Data from external users enters the agent's context through the list-channel-messages operation in scripts/huly-api.py.
  - Boundary markers: No explicit delimiters or 'ignore' instructions are provided to the agent to isolate retrieved chat content from its internal system instructions.
  - Capability inventory: The agent possesses the capability to create tracker issues, post chat messages, and update teamspace documents, actions that could be manipulated via malicious content in the chat history.
  - Sanitization: The helper script retrieves and presents chat message content to the agent without any validation or sanitization.
- [COMMAND_EXECUTION]: The skill uses a Python helper script to perform network requests via the standard urllib library. These operations target vendor-owned infrastructure (huly.proompteng.ai) and internal services. The script was analyzed and found to contain no sub-process spawning or dynamic code evaluation logic.
Audit Metadata