Skills
skills/deliay/endfield-development-skills/find-endfield-data/Gen Agent Trust Hub

find-endfield-data

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill makes network requests to the non-whitelisted domain endfield-assets.fffdan.com to retrieve game-related tables and metadata.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for searching and downloading external resources, specifically game assets in .png and .tga formats, from a remote server.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it ingests data from external API endpoints and integrates it into the agent's context without sanitization or boundary markers.
  • Ingestion points: Network data retrieved from various endpoints on https://endfield-assets.fffdan.com (e.g., /table/, /vfs/Bundle/).
  • Boundary markers: Absent; there are no instructions to ignore or isolate commands that might be embedded in the fetched data.
  • Capability inventory: The skill does not contain any scripts for local command execution, shell access, or file system modifications.
  • Sanitization: Absent; the skill does not define any validation logic for the content returned by the external API.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 10:14 AM
Security Audit — agent-trust-hub — find-endfield-data