skills/difflabai/ats-skill/ats/Gen Agent Trust Hub

ats

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and displays task titles, descriptions, and messages from an external service (https://ats.difflab.ai). Malicious instructions could be placed in these fields by an external actor to influence the agent's behavior.
      • Ingestion points: Untrusted data is retrieved through ats list, ats get, ats message list, and the ats watch WebSocket stream.
      • Boundary markers: There are no boundary markers or instructions to the agent to disregard instructions found within the fetched data.
      • Capability inventory: The skill can read and write configuration files in the user's home directory (~/.ats/config) and make network requests to the ATS backend.
      • Sanitization: No sanitization is performed on the data received from the API before it is shown to the agent.
  • [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing the @difflabai/ats-cli package from the NPM registry. This is a vendor-owned package providing the CLI functionality.
  • [COMMAND_EXECUTION]: The skill operates by executing shell commands using the ats binary. Examples in the documentation also show the agent using shell pipelines with jq and loops to automate task management.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 12:33 AM