postman
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The `package_skill.sh` script and `CONTRIBUTING.md` documentation explicitly include the `.env` file—which stores the `POSTMAN_API_KEY`—into the final ZIP package for the skill. This practice creates a significant risk of credential leakage if the user shares the resulting ZIP file, as the API key is bundled inside it by design.
- COMMAND_EXECUTION (MEDIUM): The `scripts/run_collection.py` script uses `subprocess.run` to execute the `newman` utility. While it passes arguments as a list to prevent basic shell injection, it still executes an external binary whose integrity is not managed by the skill itself.
- EXTERNAL_DOWNLOADS (LOW): The skill requires the manual installation of the `newman` package via `npm`. This creates a dependency on external package managers and third-party code that is executed at runtime.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection as it processes data from the Postman API (such as collection names, request descriptions, and monitor statuses) and presents it to the agent without sanitization.
  - Ingestion points: Data retrieved from `api.getpostman.com` via scripts like `scripts/list_collections.py`.
  - Boundary markers: None. The agent is not provided with delimiters or instructions to ignore embedded commands in the API data.
  - Capability inventory: The skill has the ability to execute shell commands (`subprocess.run`) and access the file system.
  - Sanitization: None. The formatting logic in `utils/formatters.py` does not sanitize or escape content retrieved from the API.
Recommendations
- AI detected serious security threats
Audit Metadata