profile-explorer
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
curlutility to perform HTTP requests to the Lytics API for retrieving profile details and segment memberships. - [EXTERNAL_DOWNLOADS]: All API interactions are directed to
api.lytics.io, the official domain for the vendor providing the service. - [PROMPT_INJECTION]: The skill retrieves and displays user profile data from external API responses, which constitutes a potential surface for indirect prompt injection.
- Ingestion points: Identity and attribute data enters the agent context from the
api.lytics.ioAPI responses. - Boundary markers: The skill does not specify markers to isolate fetched profile data within the prompt summary.
- Capability inventory: The skill is restricted to making authenticated network requests via
curl; no dangerous capabilities such as local file modifications or dynamic code execution are present. - Sanitization: The skill presents profile data as retrieved from the authenticated vendor API without additional sanitization steps mentioned.
Audit Metadata