apifox
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill performs HTTP GET requests to
https://api.apifox.com/v1/projects/{project_id}/export-openapito synchronize API documentation. This is a documented core feature and uses the user-providedAPIFOX_ACCESS_TOKENfor authentication. - [COMMAND_EXECUTION] (LOW): The
export_summarycommand inscripts/apifox.pyallows writing the documentation summary to a user-specified file path using the--outputargument. This presents a minor risk of overwriting sensitive files if the agent is misdirected to an unintended path. - [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (Category 8).
- Ingestion points: OpenAPI specifications are fetched from external Apifox project repositories and cached locally in
cache/oas.json. - Boundary markers: Absent. The agent is instructed to directly analyze the resulting JSON/Markdown content without explicit delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill possesses network read capabilities and local file-write capabilities (
export_summary). - Sanitization: No sanitization or validation of the OpenAPI content is performed before it is presented to the agent, meaning a compromised Apifox project could potentially influence agent behavior through malicious documentation strings.
Audit Metadata