api-football-v3
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were identified. The skill follows industry standards for API integration and secret management.
- [EXTERNAL_DOWNLOADS]: References the official API-Sports widget library (https://widgets.api-sports.io/3.1.0/widgets.js) for optional frontend integration. This is a well-known service associated with the skill's primary purpose.
- [PROMPT_INJECTION]: The skill acts as an interface for external sports data, creating a surface for indirect prompt injection. 1. Ingestion points: Data returned from API endpoints such as team names, player profiles, and match event comments (e.g., SKILL.md, endpoints.md). 2. Boundary markers: The provided examples do not use specific delimiters for API content. 3. Capability inventory: The skill includes network requests (fetch) and interactions with local services like Redis for caching. 4. Sanitization: The sample code does not demonstrate specific sanitization or filtering of incoming string data from the API.
Audit Metadata