worldcup
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a thin client for World Cup endpoints, using platform-provided environment variables (
AI_AGENT_API_URL,CONTAINER_JWT) for communication and authentication. All operations align with the stated purpose of match scheduling and prediction management. - [DATA_EXPOSURE]: The code correctly handles sensitive tokens by retrieving them from the environment and including them in the
Authorizationheader for API requests. These requests target eitherlocalhost(the default) or the official platform API URL, which is a standard and safe practice for this environment. - [COMMAND_EXECUTION]: The skill uses a script-based delivery model where the agent is instructed to call functions via
python3 -c. This is a documented and intended way for the agent to interact with its toolset. - [SAFE]: No obfuscation, prompt injection, or persistence mechanisms were detected in the instructions or the source code.
Audit Metadata