regulationsgov-comment-detail-fetch

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script regulationsgov_comment_detail_fetch.py makes network requests to the official government API at https://api.regulations.gov/v4 to retrieve comment metadata and attachments.
  • [COMMAND_EXECUTION]: The skill defines several CLI commands in SKILL.md for checking configuration and executing the fetch script, which is the intended primary purpose of the skill.
  • [DATA_EXFILTRATION]: The skill transmits the user-provided REGGOV_API_KEY to the official api.regulations.gov endpoint via the X-Api-Key header. This is required for authentication and is documented in the skill's instructions.
  • [SAFE]: Analysis of the Python script and markdown files found no evidence of prompt injection, obfuscation, persistence mechanisms, or unauthorized privilege escalation. The script uses standard library modules and properly sanitizes input comment IDs using urllib.parse.quote before including them in API request paths.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 01:59 AM