supadata
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from web pages and video transcripts which may contain instructions designed to influence the agent. Ingestion points: api.supadata.ai/v1/transcript and api.supadata.ai/v1/web/scrape. Boundary markers: Absent. Capability inventory: Shell execution and network access. Sanitization: None.
- [Command Execution] (LOW): The skill utilizes bash -c to execute API calls via curl. Evidence: Patterns found throughout the How to Use section of SKILL.md.
- [Data Exposure & Exfiltration] (LOW): Network operations are directed to api.supadata.ai, which is not on the trusted domain whitelist. Evidence: Base URL https://api.supadata.ai/v1.
Audit Metadata