streak
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes curl commands via bash -c to interact with the Streak API. This is a functional requirement for the skill to perform CRM operations like managing pipelines and contacts.
- [EXTERNAL_DOWNLOADS]: Retrieves data from api.streak.com, which is the official endpoint for the well-known Streak CRM service.
- [PROMPT_INJECTION]: The skill processes external data from the Streak API (e.g., comments, thread details, and box names) which constitutes an indirect prompt injection surface.
- Ingestion points: API responses from https://api.streak.com/api/v1/... (SKILL.md).
- Boundary markers: Absent.
- Capability inventory: bash -c, curl (SKILL.md).
- Sanitization: Absent.
Audit Metadata