track-conflict-events

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to api.worldmonitor.app to retrieve geolocated armed-conflict event data.
  • [PROMPT_INJECTION]: The skill ingests and processes untrusted data from the external WorldMonitor API, which introduces a surface for indirect prompt injection if the retrieved content contains malicious instructions.
  • Ingestion points: Data is retrieved from the API endpoint https://api.worldmonitor.app/api/conflict/v1/list-ucdp-events and processed by the agent to answer user queries.
  • Boundary markers: No specific delimiters or instructions to ignore embedded content are provided for the agent to use when handling the API response.
  • Capability inventory: The skill is primarily scoped to tool-based network retrieval; there are no instructions suggesting the agent should write files or execute code based on the ingested content.
  • Sanitization: The instructions do not define any sanitization, filtering, or validation steps for the data returned by the external service.
  • [COMMAND_EXECUTION]: The documentation includes worked examples using curl and jq commands, which involves instructions for executing shell commands on the host environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 02:21 PM
Security Audit — agent-trust-hub — track-conflict-events