konecty-find
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from the Konecty API, creating an indirect prompt injection surface where malicious records could influence agent behavior. Ingestion points: API responses are fetched in
scripts/find.pyvia_do_request. Boundary markers: None are present to distinguish API data from system instructions. Capability inventory: The skill performs network requests usingurlliband reads configuration from~/.konecty/.envinscripts/find.py. Sanitization: The script does not sanitize or filter the content of the API response before returning it to the agent context. - [SAFE]: No malicious behavior or traditional attack vectors were detected. The script uses standard libraries and performs actions consistent with its stated purpose of searching a database via a REST API.
Audit Metadata