smart-spawn-api

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [SAFE]: No security threats or malicious behaviors were detected.\n- [EXTERNAL_DOWNLOADS]: The skill initiates network requests to ss.deeflect.com. These are API calls used to retrieve model configuration and task decomposition data.\n- [DATA_EXFILTRATION]: The skill transmits user-defined task descriptions to the vendor's API. This behavior is documented and necessary for the skill's model-selection logic.\n- [SAFE]: An indirect prompt injection surface exists where the API returns a fullPrompt used in subsequent sessions_spawn calls. Ingestion points: /api/roles/compose response; Boundary markers: None; Capability inventory: sessions_spawn; Sanitization: None. This is consistent with the skill's orchestration purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 03:42 PM
Security Audit — agent-trust-hub — smart-spawn-api