nutmeg
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a high-level orchestrator for football analytics workflows and does not contain any malicious behavior.
- [SAFE]: The skill implements security best practices by instructing the agent to warn users about the risks of committing API keys to version control systems.
- [PROMPT_INJECTION]: The skill possesses a potential attack surface for indirect prompt injection. Ingestion points: Untrusted data enters the context through
WebFetchandWebSearchtools. Boundary markers: None are defined in the provided instructions. Capability inventory: The agent is permitted to useBash,Write, andAgenttools. Sanitization: No validation or escaping of external data is implemented.
Audit Metadata