reversing-network
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the
@robomotion/sdkNode.js package, which is the official SDK for the skill's authoring organization. - [DATA_EXFILTRATION]: While the skill involves capturing network traffic (including headers and bodies), it is a developer tool designed for this purpose. The instructions include a specific rule to "Store credentials in vault — never hardcode API keys or tokens," promoting secure data handling.
- [DYNAMIC_EXECUTION]: The skill utilizes the
Core.Programming.Functionnode to execute JavaScript logic for processing API responses. This is a standard feature of the Robomotion platform and the examples provided use static templates for data transformation. - [PROMPT_INJECTION]: The skill includes an attack surface for indirect prompt injection as it processes untrusted data from external network captures.
- Ingestion points: Network request/response data is ingested via
browser_get_request_response(documented in SKILL.md). - Boundary markers: No specific delimiters or "ignore" instructions are present in the provided templates to isolate external data from the agent's logic.
- Capability inventory: The skill uses
Core.Net.HttpRequestfor network operations andCore.Programming.Functionfor code execution. - Sanitization: The provided code templates perform data extraction but do not demonstrate explicit sanitization or validation of the ingested network content.
Audit Metadata