api-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- Data Exposure & Exfiltration (LOW): The skill performs network operations to domains not included in the trusted whitelist.
  - Evidence: Network requests are initiated to api.openai.com and api.example.com in examples/openai_api.py and templates/rest_client.py. These domains are not present in the specified trusted exfiltration whitelist.
- Indirect Prompt Injection (LOW): The skill ingests and processes untrusted data from external API responses, creating a surface for indirect prompt injection.
  - Ingestion points: External data is ingested via response.json() calls in examples/github_api.py, examples/openai_api.py, and templates/rest_client.py.
  - Boundary markers: Absent. No delimiters or instructions are provided to the agent to treat API responses as untrusted content.
  - Capability inventory: The skill includes write-access capabilities (POST, PUT, DELETE) which could be misused if the agent obeys instructions embedded in an API response.
  - Sanitization: Absent. There is no evidence of schema validation or content filtering for the incoming JSON data.
Audit Metadata