api-gateway
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous Python and shell command examples (using `urllib.request` and `curl`) intended for the agent to use to interact with external APIs through the gateway.
- [DATA_EXFILTRATION]: The skill is designed to transmit user data to over 100 external service providers and proxies all traffic through the author's domains (`maton.ai`, `gateway.maton.ai`).
- [PROMPT_INJECTION]: The skill facilitates a broad surface for indirect prompt injection attacks.
  - Ingestion points: The agent is instructed to read data from 100+ external sources (e.g., `references/slack/README.md`, `references/google-mail/README.md`, `references/notion/README.md`), which may contain attacker-controlled instructions.
  - Boundary markers: Absent. The instructions do not define delimiters or provide warnings to ignore embedded commands in the ingested data.
  - Capability inventory: The skill possesses extensive capabilities including network operations and CRUD access to diverse platforms (e.g., `references/github/README.md`, `references/stripe/README.md`).
  - Sanitization: Absent. No logic is provided to sanitize or filter the data received from external APIs before it is processed by the agent.
Audit Metadata