Skills
skills/tristanmanchester/agent-skills/tracking-pettracer-location/Gen Agent Trust Hub

tracking-pettracer-location

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts scripts/pettracer_cli.py and scripts/pettracer_watch.py to interact with the PetTracer service.
  • [EXTERNAL_DOWNLOADS]: Declares a dependency on the aiohttp library in scripts/requirements.txt for handling WebSocket communications.
  • [DATA_EXPOSURE]: Accesses portal.pettracer.com and pt.pettracer.com to fetch pet location data, which is the primary function of the skill.
  • [PROMPT_INJECTION]: Includes instructions to prevent the agent from asking users to provide credentials in chat. It also identifies an indirect prompt injection surface when processing data from the PetTracer API.
  • [PROMPT_INJECTION]: Indirect prompt injection evidence chain: 1. Ingestion points: Pet metadata and location records retrieved via scripts/pettracer_cli.py. 2. Boundary markers: The skill prompt provides a clear JSON output structure for the agent. 3. Capability inventory: Execution of local scripts and specific network access to PetTracer domains. 4. Sanitization: The scripts perform JSON parsing and validation of data types like coordinates and timestamps.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 05:43 PM