jfrog-onemodel

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local shell commands like jf, curl, jq, and base64 to interact with the JFrog Platform and process data. These operations are standard for its stated purpose.
  • [EXTERNAL_DOWNLOADS]: The skill fetches its GraphQL schema and query results from the user-configured JFrog Platform URL. These network operations are directed to the vendor's official infrastructure.
  • [CREDENTIALS_UNSAFE]: The skill instructions guide the agent to resolve the JFrog access token and URL from the local CLI configuration. This is necessary for authenticating API requests to the platform.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data (GraphQL schema and API responses) from the JFrog Platform to drive agent logic. While this represents an ingestion surface for external content, the use of jq for parsing and the vendor-controlled nature of the source mitigate the risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 03:44 PM