Skills
skills/show-karma/skills/create-grant/Gen Agent Trust Hub

create-grant

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the official Karma API at gapapi.karmahq.xyz to retrieve project, community, and program metadata. These are authorized vendor resources.
  • [COMMAND_EXECUTION]: The skill uses curl and python3 -c to process JSON data retrieved from the API. The Python scripts are static, embedded within the skill file, and used for filtering and formatting data for the agent.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from external API responses (such as project titles or community descriptions).
  • Ingestion points: Data returned from the v2/projects, v2/communities, and /programs API endpoints as defined in SKILL.md.
  • Boundary markers: No specific delimiters or instructions are used to separate API-returned data from the agent's internal instructions.
  • Capability inventory: The skill utilizes curl for network operations and python3 for data processing.
  • Sanitization: The embedded Python scripts extract specific JSON fields but do not perform sanitization or escaping on the string values before presenting them to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 09:26 PM