spot-people-changing-jobs
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash scripts (api.sh, signup.sh) to handle API interactions and user authentication. It also uses a find command to dynamically resolve the location of the skill's scripts within the agent's environment.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to the vendor's API at api.openfunnel.dev using curl to fetch signal data and perform sign-up/verification tasks.
- [PROMPT_INJECTION]: The skill processes data from external API responses, creating a potential surface for indirect prompt injection. 1. Ingestion points: Output from api.sh (e.g., results from /api/v1/signal/) is rendered in the agent's response. 2. Boundary markers: No explicit delimiters or warnings are used to separate untrusted API data from the agent's logic. 3. Capability inventory: The agent can execute local shell scripts and make network requests via curl. 4. Sanitization: No sanitization or validation of the external API content is performed before processing.
Audit Metadata