agent-lookup

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)

Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches agent registry data from the vendor's official API at https://aibtc.com/api/agents to provide lookup and statistics functionality.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted metadata from an external source.
    • Ingestion points: The skill fetches agent names and descriptions from the external API at https://aibtc.com/api/agents in the fetchAllAgents function.
    • Boundary markers: Absent. No prompt-level delimiters or instructions are provided to the agent to treat the fetched registry content as untrusted data.
    • Capability inventory: Although the skill itself is read-only, the agent using it may have access to other tools with the ability to perform transactions or modify files, making the injection of malicious instructions a risk.
    • Sanitization: Absent. The implementation does not filter or sanitize the strings retrieved from the API (e.g., displayName, description) before they enter the agent's context.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 05:00 AM