302ai-api-integration
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill automatically fetches the latest API list from 's.apifox.cn' (a well-known documentation service) to ensure the generated code uses the most current endpoints and parameters.
- [COMMAND_EXECUTION]: Executes the local bundled script 'scripts/parse_api_list.py' to process the API directory. This execution is scoped to the skill's own logic for searching model capabilities.
- [CREDENTIALS_UNSAFE]: Prompts the user to provide their 302.AI API key to include it in the generated integration code. The skill includes explicit security warnings about protecting these keys, recommending the use of environment variables and backend proxies to avoid exposure.
- [DATA_EXFILTRATION]: Uses 'WebFetch' to retrieve detailed API specifications from the official vendor domain 'doc.302.ai'. This network operation is directed at legitimate documentation to serve the skill's primary function.
- [PROMPT_INJECTION]: Evaluated the surface for indirect prompt injection via external documentation.
  - Ingestion points: Fetches data from 's.apifox.cn' and 'doc.302.ai'.
  - Boundary markers: Absent in the prompt interpolation logic for code generation.
  - Capability inventory: Includes local script execution and web retrieval via 'WebFetch'.
  - Sanitization: Extracts structured technical data but does not perform specific sanitization for embedded instructions in the documentation content.
Audit Metadata