agent-toolkit-setup

Warn

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Instructions direct the agent to modify the local environment configuration by writing the AGENT_TOOLKIT_BASE_URL and AGENT_TOOLKIT_API_KEY directly into the project's .env file.
  • [DATA_EXFILTRATION]: The skill accesses sensitive credentials (API keys) and transmits them via HTTP headers to remote endpoints determined by environment variables.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core design of fetching external content and injecting it into the agent's prompt.
      ◦ Ingestion points: Fetches skill definitions and reference Markdown files from remote API endpoints (e.g., GET /api/agent-skills/{skill_name}/SKILL.md).
      ◦ Boundary markers: No specific boundary markers or "ignore instructions" warnings are defined for the fetched content.
      ◦ Capability inventory: File system access (writing to .env) and network request capabilities.
      ◦ Sanitization: No evidence of sanitization, escaping, or validation of the remote Markdown content before it is interpolated into the agent's prompt instructions.
  • [EXTERNAL_DOWNLOADS]: The skill performs multiple network requests to discover and download operational instructions, manifests, and documentation from external API endpoints defined at runtime.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 09:03 PM