dify
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `curl` for making network requests to the Dify API and `jq` for processing the resulting JSON data. These are standard operations for API interaction.
- [EXTERNAL_DOWNLOADS]: The skill connects to `api.dify.ai`, which is the official endpoint for the Dify platform, a well-known service for LLM application development.
- [DATA_EXFILTRATION]: The skill performs network operations to `api.dify.ai`. This domain is not on the predefined whitelist, which marks it as a point of interest for data flow analysis.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and interacts with content generated by external AI models and retrieved from knowledge bases.
  - Ingestion points: Data received from chat, completion, and dataset retrieval endpoints as specified in `SKILL.md`.
  - Boundary markers: There are no explicit delimiters or instructions provided to isolate the data received from the API from the agent's core instructions.
  - Capability inventory: The skill uses `curl` for external communication and writes temporary request data to `/tmp/dify_request.json`.
  - Sanitization: The instructions do not define any sanitization or validation protocols for the data ingested from the external API responses.
Audit Metadata