sk-actions-custom-provider

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE; flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes curl commands to perform authentication and manage resources via the Scalekit API. It executes token generation, resource listing, and provider creation/updates in the user-specified environment.
  • [PROMPT_INJECTION]: The skill processes external API and authentication documentation provided by the user to infer configuration schemas. This introduces an indirect prompt injection surface where instructions embedded in the external documentation could potentially influence the agent's logic during the inference phase.
    • Ingestion points: API documentation links and authentication documentation links (SKILL.md Step 2, 13, 18, 19).
    • Boundary markers: None specified for the documentation content.
    • Capability inventory: Subprocess execution of curl for API interactions (SKILL.md Step 4, 5, 25, 26).
    • Sanitization: None specified for external document content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 04:06 AM