ard-registry-builder

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill contains scripts designed to fetch external content. Specifically, scripts/validate_catalog.py and scripts/test_registry.py use Python's urllib.request to download ARD manifests from user-provided URLs and probe registry API endpoints. These operations are core to the skill's purpose of validating and testing ARD implementations.
  • [COMMAND_EXECUTION]: The skill relies on the execution of several internal Python scripts (validate_catalog.py, test_registry.py, new_catalog.py) to perform its primary tasks. These scripts are self-contained and do not demonstrate unsafe command construction or shell injection vulnerabilities.
  • [DATA_EXFILTRATION]: scripts/test_registry.py performs network POST requests to external URLs provided by the user to test search functionality. While this involves sending data (search queries) to external services, it is an intended feature of the ARD registry testing workflow.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external manifests and API responses.
  • Ingestion points: Untrusted data enters the agent context through scripts/validate_catalog.py (which reads manifests from files or URLs) and scripts/test_registry.py (which parses JSON responses from external APIs).
  • Boundary markers: The skill does not explicitly implement delimiters or instructions for the agent to ignore embedded commands within the processed data.
  • Capability inventory: The skill can perform network requests (urllib.request) and write files to the local system (scripts/new_catalog.py).
  • Sanitization: Data is parsed using standard json.loads, but no further sanitization of natural-language fields (like displayName or description) is performed before they are presented to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 09:49 AM
Security Audit — agent-trust-hub — ard-registry-builder