chainlink-confidential-ai-attester-skill

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Transmits user-provided documents (PDF/PNG) and an API authentication token to the vendor's API domain at https://confidential-ai-dev-preview.cldev.cloud.
  • [EXTERNAL_DOWNLOADS]: The API functionality allows the server-side component to fetch content from arbitrary external URLs provided by the user in the inference request.
  • [COMMAND_EXECUTION]: The troubleshooting documentation suggests executing the qlmanage utility via the command line for document format conversion on the local machine.
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection. Ingestion points: Documents and URL-based resources are ingested into the LLM context (found in SKILL.md and references/api-reference.md). Boundary markers: The skill lack instructions or delimiters to isolate document content or prevent the model from obeying instructions embedded within processed files. Capability inventory: The skill possesses Bash, WebFetch, and Write capabilities. Sanitization: There is no evidence of sanitization or filtering of content fetched from external URLs or extracted from uploaded documents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:00 AM
Security Audit — agent-trust-hub — chainlink-confidential-ai-attester-skill