smart-spawn-api
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [SAFE]: No security threats or malicious behaviors were detected.\n- [EXTERNAL_DOWNLOADS]: The skill initiates network requests to ss.deeflect.com. These are API calls used to retrieve model configuration and task decomposition data.\n- [DATA_EXFILTRATION]: The skill transmits user-defined task descriptions to the vendor's API. This behavior is documented and necessary for the skill's model-selection logic.\n- [SAFE]: An indirect prompt injection surface exists where the API returns a fullPrompt used in subsequent sessions_spawn calls. Ingestion points: /api/roles/compose response; Boundary markers: None; Capability inventory: sessions_spawn; Sanitization: None. This is consistent with the skill's orchestration purpose.
Audit Metadata