scan-cyber-threats

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to api.worldmonitor.app to fetch active malware indicators and vulnerability data.
  • [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection via external data ingestion. 1. Ingestion points: Data enters the agent context through the list-cyber-threats endpoint described in SKILL.md. 2. Boundary markers: The instructions do not specify any delimiters or safety warnings to distinguish between API-provided data and the agent's instructions. 3. Capability inventory: The skill enables the agent to fetch, process, and display malware families, indicators of compromise, and vulnerability descriptions. 4. Sanitization: No sanitization or verification logic is provided for the external data payload.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 03:29 PM
Security Audit — agent-trust-hub — scan-cyber-threats