api-tester

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to construct and execute curl commands using variables such as URL, headers, and body derived from user input. This creates a surface for shell injection if the agent does not properly escape metacharacters (e.g., semicolons, backticks) provided in the URL or payload.
  • PROMPT_INJECTION (LOW): The skill possesses an Indirect Prompt Injection surface (Category 8).
    • Ingestion points: The skill reads response bodies from external URLs via requests.get/post and curl output.
    • Boundary markers: None. The instructions do not provide delimiters or warnings to ignore instructions embedded in the API response data.
    • Capability inventory: The agent can make further network requests and execute system commands (curl) based on its analysis of these responses.
    • Sanitization: No sanitization or validation of the remote response content is performed before the agent processes it for 'debugging' or 'reporting'.
  • DATA_EXFILTRATION (LOW): There is a risk of Server-Side Request Forgery (SSRF) or exfiltration if a user or an attacker-controlled API redirects the agent to internal network resources or sensitive local endpoints. While the skill guidelines suggest masking tokens in output, the underlying network operations still transmit the tokens to the specified endpoint.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 18, 2026, 06:38 AM