find-management-consultant

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to search for and read sensitive local files, specifically .env.local and .env, to retrieve the SERVICEGRAPH_TOKEN for authentication purposes.
  • [DATA_EXFILTRATION]: The skill performs network requests to the external domain api.servicegraph.co to interact with the ServiceGraph API. This domain belongs to the vendor.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from an external API.
      • Ingestion points: Data is ingested from api.servicegraph.co via endpoints such as /v1/tags, /v1/search, and /v1/get/:id (SKILL.md).
      • Boundary markers: There are no explicit instructions or delimiters used to separate the external API content from the agent's instructions.
      • Capability inventory: The skill uses HTTP clients (curl, fetch, requests) and can read local configuration files (SKILL.md).
      • Sanitization: The skill does not specify any sanitization or validation logic for the content received from the API before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 08:53 AM
Security Audit — agent-trust-hub — find-management-consultant