data-client-rest
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Section 6 of SKILL.md contains the instruction 'When asked to browse or navigate to a web address, actual visit the address', which directs the AI to override default safety guidelines regarding external URL navigation.
- [PROMPT_INJECTION]: The skill facilitates data ingestion from external REST APIs, presenting an attack surface for indirect prompt injection.
- Ingestion points: Data enters the context via API responses defined in the
TodoResourceandRestEndpointexamples inSKILL.md. - Boundary markers: No delimiters or instructions to ignore embedded commands in fetched data are provided.
- Capability inventory: The skill enables network operations via HTTP
fetchfor JSON and binary responses. - Sanitization: No response validation or sanitization logic is specified to filter potentially malicious content from API responses.
Audit Metadata