create-milestone

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
    • Ingestion points: Project and grant metadata retrieved from the external Karma API (gapapi.karmahq.xyz).
    • Boundary markers: The skill does not define specific markers or instructions to distinguish API data from agent instructions.
    • Capability inventory: The skill uses curl for network POST requests to execute actions and python3 for JSON parsing.
    • Sanitization: API content such as project titles and descriptions is processed and presented to the agent without explicit sanitization or validation.
  • [COMMAND_EXECUTION]: Employs curl and python3 to fetch and parse JSON data from the vendor's API. These commands are hardcoded in the skill and are used for legitimate communication with the protocol's infrastructure.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 09:27 PM