sparkscan
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires a vendor-specific CLI tool, which it states is auto-installed. The installation process is described in separate vendor documentation.
- [COMMAND_EXECUTION]: Core functionality is delivered through the execution of the
sparkscanCLI tool in a Bash environment. - [DATA_EXFILTRATION]: Legitimate network access is used to communicate with the vendor's API at
api.sparkscan.io. The skill includes clear instructions to redact credentials from user-visible outputs. - [PROMPT_INJECTION]: The skill handles untrusted data from the Spark network, creating a surface for indirect prompt injection. No malicious override attempts were found in the provided files.
Audit Metadata