event-staffing-compliance

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill performs network operations to an external, non-whitelisted domain at https://mcp.tempguru.co/mcp to retrieve compliance information. While functional, this creates a network exposure surface.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests data from an external API without security boundary markers.
  • Ingestion points: External data retrieved from https://mcp.tempguru.co/mcp via the get_compliance_by_state tool (SKILL.md).
  • Boundary markers: Absent; the instructions do not provide delimiters or warnings to the agent to disregard instructions potentially embedded in the fetched data.
  • Capability inventory: The skill uses an external MCP tool for data lookups but does not include local executable scripts.
  • Sanitization: No validation or sanitization of the external server's response is specified in the skill's instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 26, 2026, 07:07 AM
Security Audit — agent-trust-hub — event-staffing-compliance