xmtp-docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill performs network requests to docs.xmtp.org. While this domain is not on the primary whitelist, it is the official documentation site for XMTP and no sensitive data is transmitted.
- [Indirect Prompt Injection] (LOW): The skill ingests data from external URLs, creating a surface for indirect prompt injection.
- Ingestion points: Content fetched from docs.xmtp.org via WebFetch (SKILL.md).
- Boundary markers: Delimiters are not explicitly defined in the fetch instructions.
- Capability inventory: The skill is limited to network read operations via WebFetch.
- Sanitization: No explicit sanitization or validation of the fetched content is performed.
Audit Metadata