new
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWDATA_EXFILTRATION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill performs network requests using
WebFetchtovibeindex.ai. This domain is not on the pre-approved whitelist, representing a standard network operation to an external provider. - [Indirect Prompt Injection] (LOW): The skill processes untrusted data from an external source that could potentially contain malicious instructions.
- Ingestion points:
https://vibeindex.ai/api/resources(External API response). - Boundary markers: None. The agent is instructed to directly extract fields from the raw response without delimiters.
- Capability inventory: Limited to
WebFetch(network read) and displaying results in a table. - Sanitization: None. The skill lacks validation or escaping for the data returned by the API before it is presented to the user.
Audit Metadata