airtop-agents
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands including curl, jq, grep, and cut to interact with the Airtop REST API and manage the user's API key stored in the environment or a .env file.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to api.airtop.ai for listing agents, fetching webhook configurations, and polling for invocation results. These requests target the official infrastructure of the service provider.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by ingesting and displaying external data provided by the Airtop API.
  - Ingestion points: API responses from the list agents, agent details, and invocation result endpoints at api.airtop.ai (documented in SKILL.md).
  - Boundary markers: The skill lacks explicit delimiters or instructions for the agent to ignore potentially malicious content within agent names or execution outputs.
  - Capability inventory: The skill utilizes the Bash tool to perform network requests and process JSON data.
  - Sanitization: The skill uses jq for structured JSON parsing and URI-encodes user-provided agent names used in API paths to prevent basic injection patterns.
Audit Metadata