coze-api
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The script 'scripts/coze_client.py' performs network requests to 'https://api.coze.cn'. This is necessary for the skill's functionality, but the domain is not in the predefined trust scope.
- [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface as it processes external content from the Coze API.
- Ingestion points: User messages and API-generated content in 'scripts/coze_client.py'.
- Boundary markers: No markers are used to delimit untrusted content.
- Capability inventory: The skill is limited to network operations via the 'requests' library; no filesystem or subprocess capabilities were found.
- Sanitization: No input or output validation is implemented for the data retrieved from the API.
Audit Metadata