uapi-get-game-steam-summary
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to interact with
https://uapis.cn, an external domain. It specifically defines akeyparameter to allow users to provide their Steam Web API Key, which is then transmitted to this third-party service. While the documentation provides a security warning about client-side key leakage, the mechanism itself involves sending credentials to an unverified external endpoint. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. The agent is instructed to retrieve and process Steam profile data (nicknames, real names, summaries) from an external API. Maliciously crafted data in a Steam profile could potentially influence the agent's behavior during the summarization process.
- [NO_CODE]: The skill contains no executable scripts (e.g., Python, JavaScript, Shell). It consists entirely of Markdown documentation and YAML configuration, which limits the potential for direct code execution or local file access attacks.
Audit Metadata