scout
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill contains only documentation files (markdown) that describe how an AI agent should interact with the Scout API. No malicious scripts, hardcoded credentials, or persistence mechanisms were found.
- [NO_CODE]: The skill package does not include any executable code or binaries; it provides the instructions necessary for the agent to use external tools like cURL or the official SDK.
- [EXTERNAL_DOWNLOADS]: The skill documentation correctly identifies the official
scoutosnpm package and standard installation commands for the platform. These resources are provided by the trusted vendor. - [PROMPT_INJECTION]: The skill facilitates data ingestion from external, potentially untrusted sources (such as website crawlers and cloud syncs), which represents a surface for indirect prompt injection.
- Ingestion points: External data sources like sitemaps, website crawlers, and third-party integrations (Notion, Google Drive) defined in
SKILL.md. - Boundary markers: No explicit boundary markers or security warnings are included in the documentation to isolate retrieved content.
- Capability inventory: Full data CRUD operations, file management on Scout Drive, and interaction with AI assistants are available through the API.
- Sanitization: No documentation exists regarding the sanitization of synced external content before it reaches the agent context.
Audit Metadata