servanda

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill connects to 'https://servanda.ai' to register the agent, create mediation sessions, and poll for message updates. These are expected interactions with the vendor's own infrastructure.
  • [COMMAND_EXECUTION]: The skill includes a helper script 'scripts/servanda.sh' and several curl commands to interact with the Servanda REST API. These operations are used for legitimate session management and data exchange.
  • [COMMAND_EXECUTION]: The command 'curl ... | python3 -m json.tool' used in 'SKILL.md' is a safe method for pretty-printing JSON data using a standard Python library module and does not execute remote code.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it ingests conversational data from external parties participating in the mediation.
      • Ingestion points: Data enters the agent's context through the long-polling message endpoint '/api/bot/sessions/{session_id}/poll' in 'SKILL.md'.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat external message content as untrusted or to ignore embedded instructions.
      • Capability inventory: The agent has the capability to perform network operations (curl) and participate in a dialogue based on the ingested content.
      • Sanitization: No sanitization or validation of the retrieved message content is performed before it is presented to the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://servanda.ai/api/bot/arbiters - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 25, 2026, 03:38 PM