skills/smallnest/goskills/coze-api/Gen Agent Trust Hub

coze-api

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection where malicious instructions embedded in processed data could influence the behavior of the integrated Coze agent.
      • Ingestion points: The message parameter in scripts/coze_client.py (methods chat, stream_chat, chat_with_polling) and corresponding functions in SKILL.md.
      • Boundary markers: Absent. User input is directly placed into the additional_messages array in the JSON request body.
      • Capability inventory: The skill uses the requests library to perform network operations, sending data to the Coze API (api.coze.cn).
      • Sanitization: None. The content is passed as a raw string to the external API.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 01:10 PM