Skills
skills/transloadit/skills/docs-transloadit-robots/Gen Agent Trust Hub

docs-transloadit-robots

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill uses npx -y @transloadit/node to download and execute code directly from the npm registry.
  • Evidence: Seen in commands npx -y @transloadit/node docs robots list and npx -y @transloadit/node docs robots get.
  • Risk: Unverifiable dependencies executed at runtime can lead to supply chain attacks if the package or registry is compromised.
  • PROMPT_INJECTION (INFO): The skill possesses an indirect injection surface by ingesting documentation data from an external CLI tool.
  • Ingestion points: CLI output from @transloadit/node (SKILL.md).
  • Boundary markers: None present.
  • Capability inventory: Display only (documentation lookup). No file-write or network-send capabilities based on the ingested data are defined.
  • Sanitization: None detected. Output is used to populate agent context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 01:04 PM