api-attack-surface-mapper
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
NO_CODE, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill is composed entirely of markdown documentation and instructions for an agent workflow. It does not contain any executable scripts, Python files, JavaScript, or binaries.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core function involves processing untrusted external data which could contain malicious instructions.
  - Ingestion points: The skill ingests external data from API specifications (OpenAPI URLs/files, Postman collections) and captured network traffic as defined in the 'Required Inputs' section of SKILL.md.
  - Boundary markers: The execution workflow does not define any boundary markers or instructions to the agent to ignore embedded prompts within the ingested specifications.
  - Capability inventory: The skill is configured to perform network operations, including 'Confirm route liveness' and 'baseline validation' against target URLs based on the ingested data.
  - Sanitization: The workflow lacks specified sanitization or validation logic to filter out potentially malicious natural language instructions embedded within the API specifications or traffic data.