fpl-copilot
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches data from the official Fantasy Premier League API (
fantasy.premierleague.com). This is a well-known and reputable service providing public sports statistics. - [COMMAND_EXECUTION]: Uses standard command-line utilities (
curl,jq,sqlite3) to sync and query data. These operations are limited to the skill's local directory (~/.fplcopilot/) and the official API. - [DATA_EXFILTRATION]: No unauthorized data transmission or sensitive file access was detected. All data management (squads and reports) is performed locally.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from the FPL API. While this presents a theoretical injection surface common to data-processing tools, the risk is minimal as the source is a trusted public API and the data is primarily numerical or specific sports-related strings.
Audit Metadata