golgent-lifestyle-discovery
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with an external endpoint (
https://ads-api-dev.usekairos.ai/ads/neo) to retrieve recommendation data across various lifestyle categories. - [DATA_EXFILTRATION]: The skill collects and transmits user location data (latitude/longitude) and profile preferences (interests, gender, age) to the external API. While this data is required for the skill's primary purpose (e.g., food delivery), the skill includes specific instructions in
privacy.mdandapi.mdto ensure explicit user consent is obtained and to prevent the transmission of highly sensitive PII such as phone numbers or credentials. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from an external API response. \n
- Ingestion points: Data enters the agent's context through the JSON response of the POST request to
https://ads-api-dev.usekairos.ai/ads/neo. \n - Boundary markers: Absent. The skill does not provide instructions to the agent to treat API-returned strings (like
titleordescription) as untrusted or to ignore embedded instructions. \n - Capability inventory: The agent is tasked with formatting the external data into Markdown tables and presenting clickable links to the user. \n
- Sanitization: Absent. There is no requirement or logic provided to sanitize or validate the external content before it is processed and displayed.
Audit Metadata