Skills
skills/qfeius/make-platform-skills/make-integration/Gen Agent Trust Hub

make-integration

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the makecli binary from the author's repository via Homebrew and includes an update mechanism via makecli update.
  • [COMMAND_EXECUTION]: Shell commands are utilized for OCR operations, configuration verification, and credential management. It also documents the use of the !command syntax for interactive token setup.
  • [DATA_EXFILTRATION]: User-provided document files are uploaded to the configured service URL for recognition and processing.
  • [PROMPT_INJECTION]: The skill processes untrusted external files, creating an indirect prompt injection surface.
  • Ingestion points: Extracts data from user-provided .pdf, .ofd, .png, .jpg, and .jpeg files using makecli (SKILL.md).
  • Boundary markers: Lacks explicit instructions for the agent to ignore instructions embedded within the invoice/bill content during extraction.
  • Capability inventory: Includes shell command execution and recording operations via makecli (SKILL.md).
  • Sanitization: No explicit sanitization or validation of extracted OCR results is performed before they are processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 06:02 AM