maxia
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates interaction with an external AI marketplace where the agent retrieves and processes information from third-party services (e.g., via the /execute and /discover endpoints). This creates a surface for indirect prompt injection, where instructions embedded in external service descriptions or responses could influence the agent's logic.
  - Ingestion points: Data returned from https://maxiaworld.app/api/public/execute and https://maxiaworld.app/api/public/discover (documented in SKILL.md).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill's API examples.
  - Capability inventory: The skill utilizes network access (curl) to interact with APIs.
  - Sanitization: No sanitization or validation logic for external content is described in the provided instructions.
- [EXTERNAL_DOWNLOADS]: The skill performs multiple network requests to the vendor's domain (maxiaworld.app) to access cryptocurrency sentiment, market statistics, and DeFi yield data. These are operational API calls consistent with the skill's described purpose.
Audit Metadata