explore-category
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs standard network requests to the vendor's own domain (agenticstack.sh) to fetch JSON metadata about tool categories. This behavior is consistent with its stated purpose and does not involve sensitive user data or privileged system access.
- [PROMPT_INJECTION]: The skill ingests editorial markdown and metadata from an external API response, creating a surface for indirect prompt injection.
- Ingestion points: JSON response data from https://agenticstack.sh/api/json/categories/{slug} (specifically the body and feature_definitions fields).
- Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when presenting the external content to the agent.
- Capability inventory: The skill does not request or use high-risk tools (e.g., shell access, file writes, or credential access).
- Sanitization: No sanitization or validation of the retrieved editorial content is specified in the instruction file.
Audit Metadata