rw-check-org-details
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network operations targeting
api.dev.runwayml.com. These requests are used to fetch organization-level metadata and usage statistics, which is the primary purpose of the skill. The target domain is a sub-domain of the vendor's primary infrastructure. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates external data into the agent's context.
- Ingestion points: External API responses from
https://api.dev.runwayml.com/v1/organizationand/v1/organization/usage(referenced in SKILL.md). - Boundary markers: Absent. No delimiters or instructions are provided to the agent to treat the API response as data rather than instructions.
- Capability inventory: The skill allows execution of Node.js, Python, and cURL commands via the
Bashtool, providing a medium-risk capability surface if the agent is manipulated. - Sanitization: Absent. The skill does not perform validation or filtering on the retrieved JSON data before presentation.
Audit Metadata