person-lookup
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, persistence mechanisms, or credential theft attempts were detected. The skill's operations are transparent and consistent with its stated purpose of researching person backgrounds.
- [COMMAND_EXECUTION]: The skill uses the
orth runcommand to invoke external APIs. It correctly encapsulates search parameters within JSON payloads to prevent command injection vulnerabilities. - [PROMPT_INJECTION]: The skill ingests data from external person-research services, creating an indirect prompt injection surface as outlined in Category 8.
- Ingestion points: Results from API calls to the
nyneandfibertools as defined inSKILL.md. - Boundary markers: Absent; external data is presented directly to the agent's context.
- Capability inventory: Shell command execution via
orth run(SKILL.md). - Sanitization: No explicit validation or filtering of the retrieved profile data is specified.
Audit Metadata