Skills
skills/yonatangross/orchestkit/function-calling/Gen Agent Trust Hub

function-calling

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill implements a tool execution loop that processes untrusted data. \n
  • Ingestion points: user_message in scripts/function-def.py accepts external input. \n
  • Boundary markers: The script lacks explicit delimiters or instructions to isolate user input from the model's tool-calling logic. \n
  • Capability inventory: The registry.execute function allows the execution of registered Python functions based on LLM decisions. In the provided example, the tools (search_documents, get_weather) are read-only and have low impact. \n
  • Sanitization: The implementation uses OpenAI's strict mode and JSON schema validation to ensure structured arguments, which prevents schema confusion but does not validate the semantic safety of the input text.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 12:14 AM