spot-companies-posting-about-specific-things

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local bash scripts (api.sh and signup.sh) to interact with the vendor API. These scripts are called with user-provided arguments, and their location is determined dynamically at runtime using subshells.
  • [DATA_EXFILTRATION]: User-provided search parameters and authentication metadata (email, OTP) are sent to api.openfunnel.dev. This communication is the intended functionality of the skill as it integrates with the author's platform. Credentials are appropriately handled in headers rather than being exposed in logs or prompt text.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it interpolates untrusted user data into shell command strings.
      * Ingestion points: User input is accepted for the email, OTP code, and search query fields.
      * Boundary markers: The prompt instructions do not specify any delimiters or safety markers to isolate user input from the rest of the command string.
      * Capability inventory: The agent can execute local shell scripts via the bash interpreter.
      * Sanitization: The shell scripts do not implement sanitization or escaping for the variables interpolated into curl commands, creating a risk if a user provides specifically crafted malicious strings.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 06:13 PM