update-project

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands like curl to interact with the Karma API and python3 to parse the resulting JSON payloads. These operations are intended for searching and updating project information.
  • [EXTERNAL_DOWNLOADS]: Network requests are made to gapapi.karmahq.xyz. This is a vendor-owned domain belonging to Karma and is used for its intended purpose of project management.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and prints project titles and descriptions from an external API without sanitization or boundary markers.
    • Ingestion points: Project metadata is ingested via the /v2/projects search endpoint in the "Finding the Project UID" section.
    • Boundary markers: No delimiters or instructions are provided to the agent to treat the retrieved project data as untrusted content.
    • Capability inventory: The agent has access to the KARMA_API_KEY and the ability to perform authenticated POST requests to the Karma API.
    • Sanitization: There is no evidence of filtering or escaping project titles or descriptions before they are processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 09:26 PM