Skills
skills/seed-hypermedia/seed/seed-hypermedia-read/Gen Agent Trust Hub

seed-hypermedia-read

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs shell-based operations including checking for binaries, executing gRPC calls via grpcurl, and downloading data via curl. It includes instructions for installing system dependencies using sudo with standard package managers like apt-get, dnf, and pacman.
  • [EXTERNAL_DOWNLOADS]: The skill references the grpcurl utility from FullStory's GitHub repository and suggests downloading the binary if it is not available through system package managers.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing user-supplied Hypermedia IRIs and IPFS CIDs (Ingestion points: SKILL.md). These values are interpolated into shell commands for tool execution (Capability inventory: SKILL.md). The skill does not provide specific instructions for sanitizing these inputs (Sanitization: Absent) or utilizing boundary markers to prevent command injection (Boundary markers: Absent).
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 09:27 PM