google-analytics
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill documentation directs users to install components from the refly.ai platform using the 'refly skill install' command. While specific to the platform, this involves downloading logic from an external, non-whitelisted source.
- COMMAND_EXECUTION (SAFE): The skill uses standard shell utilities like jq and echo to manage workflow data. These commands are used with fixed patterns and do not involve dynamic execution of untrusted input.
- PROMPT_INJECTION (LOW): The skill presents an Indirect Prompt Injection surface (Category 8) because it retrieves and processes external analytics data.
- Ingestion points: Analytics data is ingested into the agent context in SKILL.md via the 'refly workflow toolcalls' command.
- Boundary markers: Absent; the content is echoed directly into the agent's context without delimiters or instructions to ignore embedded commands.
- Capability inventory: The agent can execute Refly CLI commands and open web URLs.
- Sanitization: No sanitization or validation logic is applied to the retrieved analytics content before it is processed by the agent.
Audit Metadata