orshot
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Suggests installing official SDKs for Node.js, Python, Ruby, and PHP (e.g.,
npm install orshot,pip install orshot,gem install orshot). These are legitimate vendor resources required for interacting with the platform. - [COMMAND_EXECUTION]: References the
orshot-clitool which can be executed vianpxfor terminal-based automation. - [DATA_EXFILTRATION]: Documents the documented transmission of data to the Orshot API (
api.orshot.com) for processing. This is the core purpose of the skill and represents authorized data transfer to the service provider. - [PROMPT_INJECTION]: The skill features an AI-driven generation capability via the
.promptmodification parameter. This serves as a surface for indirect prompt injection if untrusted external data is passed to these fields without oversight. - Ingestion points: User-controlled data in the
modificationspayload, specifically fields using.promptfor text/image generation or.hreffor PDF links. - Boundary markers: None present; the skill does not define delimiters or provide instructions for the agent to isolate external content.
- Capability inventory: Network operations to
api.orshot.com. - Sanitization: None present; the documentation does not describe sanitization or validation steps for content passed to the AI generation parameters.
Audit Metadata