rootdata

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill communicates exclusively with the official RootData API at api.rootdata.com. No unauthorized network calls or suspicious data exfiltration patterns were found.
  • [SAFE]: Authentication is handled using a dedicated environment variable ROOTDATA_SKILL_KEY, following security best practices for credential management.
  • [PROMPT_INJECTION]: The skill retrieves data from the RootData API, which creates a surface for indirect prompt injection.
      • Ingestion points: Data enters the agent context via API calls in exports.py (e.g., rd_search, rd_project_detail).
      • Boundary markers: Absent; the skill does not explicitly delimit external content or instruct the agent to ignore embedded instructions.
      • Capability inventory: Limited to network requests to the vendor's API using the requests library in exports.py.
      • Sanitization: Absent; the skill passes the JSON response data from the API directly back to the calling agent without filtering.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 12, 2026, 04:12 PM