time-tracking
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): Automated scans identified a high-risk pattern where content fetched from 'https://www.rescuetime.com/anapi/focustime' is passed to a subprocess for execution. This vulnerability could allow an attacker to execute arbitrary commands if the remote API response is compromised.
- EXTERNAL_DOWNLOADS (LOW): The skill initiates network connections to 'api.track.toggl.com' and 'www.rescuetime.com'. These domains are not included in the trusted source whitelist.
- PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface.
- Ingestion points: Data is ingested from the Toggl and RescueTime REST APIs.
- Boundary markers: No delimiters or instructions are used to separate API data from the agent's core logic.
- Capability inventory: The skill possesses the ability to make state-changing POST and PATCH requests to external services.
- Sanitization: There is no evidence of sanitization or validation of the ingested JSON data before it is processed.
- CREDENTIALS_UNSAFE (SAFE): The skill correctly instructs users to use environment variables for API keys, which is a security best practice.
Recommendations
- HIGH: Downloads and executes remote code from: https://www.rescuetime.com/anapi/focustime - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata