list-enrichment
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection by processing external data that could contain adversarial instructions.
- Ingestion points: The skill reads local documentation in
references/api_reference.md, fetches live documentation fromhttps://www.extruct.ai/docs, and ingests research results from company tables viaGET /v1/tables/{table_id}/data. - Boundary markers: The workflow lacks explicit delimiters or instructions to ignore embedded commands within the fetched external data.
- Capability inventory: The skill is capable of performing HTTP GET, POST, and DELETE requests to the Extruct API and updating local markdown files.
- Sanitization: No sanitization or validation of the documentation or research results is performed before the data is used to influence the agent's workflow.
- [COMMAND_EXECUTION]: The skill executes a shell command to verify the local environment configuration.
- Evidence: In
SKILL.md, the skill runstest -n "$EXTRUCT_API_TOKEN"to check for the presence of the required API token before initiating API interactions.
Audit Metadata