infisical
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlandjqfor API interaction and response processing. These are standard system utilities used appropriately for the skill's purpose. - [EXTERNAL_DOWNLOADS]: The skill communicates with
app.infisical.com, which is the official endpoint for the well-known Infisical secrets management service. - [INDIRECT_PROMPT_INJECTION]: The skill processes data from an external API, creating a surface for indirect prompt injection if secret values contain malicious instructions. Ingestion points: Secret values retrieved from the Infisical API (SKILL.md). Boundary markers: None present. Capability inventory: The skill uses
curl,jq, and writes temporary files to/tmp(SKILL.md). Sanitization: No validation or sanitization is performed on the retrieved secret values before processing.
Audit Metadata