bitrix
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): Potential for indirect prompt injection via data ingested from the Bitrix24 API.
  - Ingestion points: API responses from Bitrix24 methods (e.g., user.get.json, crm.lead.list.json) which are processed by the agent.
  - Boundary markers: Absent; the skill does not instruct the agent to use delimiters or ignore instructions within the retrieved data.
  - Capability inventory: Shell execution via bash -c, network requests via curl, and file system write access in /tmp.
  - Sanitization: Absent; data returned from the API is read directly by the agent without explicit validation or escaping.
- COMMAND_EXECUTION (LOW): The skill utilizes bash -c to execute curl commands. While this is used to handle environment variable interpolation, it creates a surface for shell injection if the agent interpolates user-controlled parameters (such as lead IDs or filter values) without proper escaping.
Audit Metadata