make
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using `bash`, `curl`, and `jq` to interact with the Make API. It dynamically assembles these commands to include authentication tokens from environment variables.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external Make API responses.
  1. Ingestion points: Untrusted data enters the agent context through API responses from `make.com` (e.g., scenario names, logs, and data store records) as seen in `SKILL.md`.
  2. Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard potential commands embedded within the retrieved data.
  3. Capability inventory: The skill allows for command execution (`curl`, `bash`, `jq`) and the creation of temporary files (`/tmp/make_request.json`).
  4. Sanitization: There is no evidence of sanitization or filtering of the content received from the API before it is processed by the agent.
Audit Metadata