abc-apifox
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/apifox.pyexecutes system commands usingsubprocess.runto install Python dependencies (pip install requests) and to execute the environment check scriptscripts/check_env.py. - [EXTERNAL_DOWNLOADS]: The
ApifoxClientinscripts/apifox_client.pyfetches external OpenAPI documentation from the official Apifox API (api.apifox.com). This is part of the core functionality to provide API documentation. - [DATA_EXFILTRATION]: The environment diagnostic script
scripts/check_env.pyoutputs the first 15 characters of theAPIFOX_ACCESS_TOKENto the console for verification purposes. - [PROMPT_INJECTION]: The skill processes external OpenAPI specifications which could contain instructions designed to influence the agent's behavior. Ingestion points: External data is fetched from the Apifox API in
scripts/apifox_client.py. Boundary markers: Absent, the tool returns data as JSON without specific markers to separate data from instructions. Capability inventory: The skill can execute subprocesses viascripts/apifox.py. Sanitization: The skill does not perform sanitization of text fields within the OpenAPI documentation before they are returned to the agent.
Audit Metadata