chat
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches information from an external API at https://chat.keri.host/api/chat to provide spec-grounded answers. This is part of the core functionality described in the documentation.
- [COMMAND_EXECUTION]: Provides documentation for a curl fallback command, which allows users to interact with the API directly using shell utilities like curl, grep, sed, and jq.
- [DATA_EXFILTRATION]: Transmits user-provided messages and base64-encoded file attachments to the vendor's API at keri.host. This represents the intended data flow for the chat and document summarization features.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from external sources and user attachments.
  - Ingestion points: Untrusted data enters the agent context via the attachments array and the Server-Sent Events (SSE) stream from the remote API.
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands were found in the skill definition.
  - Capability inventory: The skill is designed to perform architecture reviews, evaluate spec compliance, and suggest design corrections based on the data it receives.
  - Sanitization: No sanitization or filtering of the external API response or attachment content is indicated.
Audit Metadata