track-conflict-events
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to
api.worldmonitor.appto retrieve geolocated armed-conflict event data. - [PROMPT_INJECTION]: The skill ingests and processes untrusted data from the external WorldMonitor API, which introduces a surface for indirect prompt injection if the retrieved content contains malicious instructions.
- Ingestion points: Data is retrieved from the API endpoint
https://api.worldmonitor.app/api/conflict/v1/list-ucdp-eventsand processed by the agent to answer user queries. - Boundary markers: No specific delimiters or instructions to ignore embedded content are provided for the agent to use when handling the API response.
- Capability inventory: The skill is primarily scoped to tool-based network retrieval; there are no instructions suggesting the agent should write files or execute code based on the ingested content.
- Sanitization: The instructions do not define any sanitization, filtering, or validation steps for the data returned by the external service.
- [COMMAND_EXECUTION]: The documentation includes worked examples using
curlandjqcommands, which involves instructions for executing shell commands on the host environment.
Audit Metadata