60s-api
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use `curl` via `exec` to interact with the 60s API. This involves executing shell commands with potentially dynamic arguments like city names or search keywords.
- [EXTERNAL_DOWNLOADS]: The skill fetches data and media (images, audio, and JSON) from `https://60s.viki.moe` and several mirror domains including `60api.09cdn.xyz`, `60s.zeabur.app`, `60s.crystelf.top`, `60s.tmini.net`, and `60s.7se.cn`.
- [DATA_EXFILTRATION]: User-provided content is transmitted to external endpoints for processing. For example, the translation tool (`/v2/fanyi`), hash calculator (`/v2/hash`), and OpenGraph metadata extractor (`/v2/og`) send user-supplied text or URLs to the third-party API service.
- [PROMPT_INJECTION]: The skill acts as an aggregator for untrusted external content (news, social media hot-lists, search results), creating a surface for indirect prompt injection attacks.
  - Ingestion points: Untrusted data enters the agent context through API responses from `60s.viki.moe` and its mirrors, as defined in `SKILL.md`.
  - Boundary markers: The instructions do not specify any delimiters or warnings to the agent to treat external content as untrusted data.
  - Capability inventory: The skill uses subprocess calls to `curl` across all operations described in `SKILL.md`.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the content returned from the external API before it is presented to or processed by the agent.
Audit Metadata