airtable
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: All network requests are directed to
api.airtable.com. This is a well-known and trusted service provider, and the communication is essential for the skill's operation. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests data from external Airtable records which could contain instructions intended to influence the agent.
- Ingestion points: API response data from
api.airtable.comas defined inSKILL.md. - Boundary markers: The current implementation lacks boundary markers or instructions to ignore embedded text.
- Capability inventory: The skill enables reading, creating, and updating records using
curlandjq. - Sanitization: No sanitization or data validation is performed on the content retrieved from Airtable fields.
Audit Metadata