Skills
skills/sunny0826/open-source-skills/openrank-metrics/Gen Agent Trust Hub

openrank-metrics

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches repository and developer metrics in JSON format from the domain oss.open-digger.cn. This is a standard source for open-source project statistics.
  • [COMMAND_EXECUTION]: The agent is instructed to use curl to retrieve metric data from constructed URLs based on user inputs such as platform, owner, and repository name.
  • [PROMPT_INJECTION]:
  • Ingestion points: External JSON data from oss.open-digger.cn enters the agent's context during metric retrieval (SKILL.md).
  • Boundary markers: Absent. The instructions do not define delimiters to separate the retrieved metric data from the agent's internal instructions.
  • Capability inventory: The skill uses curl to fetch data and performs data processing to generate Markdown reports.
  • Sanitization: Absent. There is no explicit requirement to validate or sanitize the JSON content before presentation, creating a surface for potential indirect prompt injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 01:01 AM
Security Audit — agent-trust-hub — openrank-metrics