grpc
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches official gRPC and Protobuf development tools from trusted sources, including Google's Go package repositories and official registries for Node.js (NPM) and Python (PyPI).
- [COMMAND_EXECUTION]: Employs standard system package managers (brew, apt) and language-specific managers (npm, pip, go) to install dependencies, as well as the protocol buffer compiler (protoc) for generating client/server code.
- [PROMPT_INJECTION]: Detected a surface for indirect prompt injection (Category 8) due to the handling of untrusted external content.
- Ingestion points: The skill processes user-supplied protocol buffer schemas (
SKILL.md) and external data files like CSVs (mentioned in Example 2). - Boundary markers: None; the instructions do not include delimiters or warnings to ignore potentially malicious instructions embedded within the ingested data.
- Capability inventory: The skill has the capability to perform command execution and file operations within the development environment.
- Sanitization: The provided code implementation lacks explicit validation or sanitization of input data before processing it in RPC handlers.
Audit Metadata