seoul-subway-arrival
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the use of the curl command to perform HTTP GET requests to a proxy server for data retrieval. It also suggests the optional use of the jq utility for processing JSON responses.
- [DATA_EXFILTRATION]: The skill performs outbound network requests to an external endpoint defined by the KSKILL_PROXY_BASE_URL environment variable. While necessary for functionality, this pattern involves sending station names as data parameters to an external service.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and summarizes transit data from an external API source.
  1. Ingestion points: Data is received via the curl output in the workflow described in SKILL.md.
  2. Boundary markers: The skill does not define specific delimiters or instructions to prevent the agent from following directions potentially embedded in the transit data response.
  3. Capability inventory: The agent is tasked with summarizing the response, which involves processing the full content of the external data.
  4. Sanitization: There is no mention of filtering or sanitizing the data received from the proxy before it is presented to the user.