acquire
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides templates to download datasets from well-known sources, including StatsBomb's GitHub repository and various football data providers. These references are standard for the intended sports analytics use case.\n- [PROMPT_INJECTION]: The skill ingests content from external web sources and APIs, which creates a potential surface for indirect prompt injection.\n
- Ingestion points: Data is fetched from GitHub and third-party APIs such as FBref, Understat, and SportMonks.\n
- Boundary markers: No boundary markers are used to isolate ingested data from the agent's instruction context.\n
- Capability inventory: The skill includes access to powerful tools like
Bash,Write, andRead, which could be exploited if malicious instructions in external data are processed.\n - Sanitization: The skill lacks instructions to sanitize or validate the content of the data before it is presented to the agent.
Audit Metadata