Skills
skills/holon-run/uxc/line-openapi-skill/Gen Agent Trust Hub

line-openapi-skill

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the execution of the uxc command-line utility and creates a local alias line-openapi-cli to perform REST operations.
  • [EXTERNAL_DOWNLOADS]: The skill downloads a curated OpenAPI specification from the author's GitHub repository (holon-run/uxc) to dynamically configure the command-line interface.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection through data ingested from the external LINE Messaging API.
  • Ingestion points: External data enters the agent's context through bot info lookup (/v2/bot/info) and user profile retrieval (/v2/bot/profile/{userId}).
  • Boundary markers: There are no explicit delimiters or instructions to treat data from the API as untrusted content, which could lead the agent to interpret data as instructions.
  • Capability inventory: The agent has the capability to send messages (push, reply) and modify webhook configurations (put:/v2/bot/channel/webhook/endpoint).
  • Sanitization: The skill does not implement or describe any sanitization or validation of the data retrieved from the API before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 03:14 AM