automation-pilot-executions-api

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to perform network operations against the SAP Automation Pilot REST API and jq to parse and format the returned JSON data. These are standard tools for CLI-based API management.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill requires credentials (AUTOPI_USERNAME, AUTOPI_PASSWORD) to be provided as environment variables. These are used only for basic authentication to the trusted domain emea.autopilot.cloud.sap belonging to SAP. This setup is consistent with standard developer workflows for secure credential handling in automated scripts.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes data from an external source.
  • Ingestion points: Data is ingested from the SAP API response fields, including logs, error, and progressMessage (found in SKILL.md).
  • Boundary markers: There are no explicit delimiters or instructions to ignore instructions embedded within the API responses.
  • Capability inventory: The skill uses curl for network requests and jq for shell-based data processing.
  • Sanitization: Content returned from the API is processed by jq but does not undergo specific sanitization for natural language instructions before being presented in the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 10:44 AM
Security Audit — agent-trust-hub — automation-pilot-executions-api