blink-connectors
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'blink' CLI tool to perform API actions against various third-party providers. This is a primary feature of the skill.\n- [DATA_EXFILTRATION]: The skill provides the ability to read from and write to sensitive external platforms (e.g., Google Drive, Stripe, Salesforce). These interactions occur via OAuth connections that the user must explicitly authorize through the vendor's website.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from external third-party services which may contain untrusted instructions.\n
- Ingestion points: External data enters the agent's context through the 'blink_connector_exec' tool when reading from providers (SKILL.md).\n
- Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the skill configuration.\n
- Capability inventory: The skill possesses extensive capabilities to read and write data across dozens of integrated services via the 'blink_connector_exec' tool (SKILL.md).\n
- Sanitization: There are no explicit sanitization or filtering mechanisms defined for the data retrieved from external APIs.
Audit Metadata