Skills
skills/stackonehq/agent-plugins-marketplace/stackone-connect/Gen Agent Trust Hub

stackone-connect

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill installs the @stackone/hub and @stackone/react-hub packages and fetches live documentation from docs.stackone.com. While these are the official domains for the service described, they are not on the predefined list of trusted sources.
  • PROMPT_INJECTION (LOW): Detects an indirect prompt injection surface where the agent is instructed to fetch and follow external documentation which could theoretically be manipulated to influence agent behavior.
  • Ingestion points: SKILL.md (References to docs.stackone.com and npmjs.com in Instructions and Troubleshooting sections).
  • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the fetched docs.
  • Capability inventory: The skill generates curl commands and React application code.
  • Sanitization: Absent; no validation or filtering is performed on the content fetched from the external documentation URLs.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:50 PM