skills/tallpizza/dots-skill/dots/Gen Agent Trust Hub

dots

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses the curl utility via the system shell to perform HTTP requests for graph data retrieval, mutation, and workspace discovery.
  • [EXTERNAL_DOWNLOADS]: Communicates with the external API hosted at https://dots.tallpizza.com to fetch space configurations, label definitions, and graph snapshots.
  • [PROMPT_INJECTION]: Vulnerable to Indirect Prompt Injection (Category 8). The skill's workflow explicitly instructs the agent to treat data returned from the API—specifically space descriptions and label definitions—as "authoritative instructions" for the session.
      • Ingestion points: Remote content is ingested from the GET /api/workspaces/:ws/spaces and GET …/:sp/labels endpoints within the SKILL.md workflow.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or isolate potential commands embedded within the fetched metadata.
      • Capability inventory: The agent has the capability to execute shell commands (curl) and write to the local filesystem (dots.json).
      • Sanitization: No sanitization or validation logic is defined for the content retrieved from the external API before it is processed as instructional logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 25, 2026, 09:57 AM