fetch-api-reference
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches latest API reference documentation from the official developer documentation site.
- [SAFE]: Correctly identifies that API secrets should be managed as placeholders rather than hardcoded credentials.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by instructing the agent to treat remote web content as an authoritative source of truth.
- Ingestion points: Fetches remote content from the RunwayML documentation URL specified in SKILL.md.
- Boundary markers: Absent; external content is explicitly instructed to take precedence over existing skill documentation.
- Capability inventory: The agent uses the retrieved data to guide integrations involving API requests and data handling.
- Sanitization: No validation or sanitization logic is provided for the fetched documentation content.
Audit Metadata