update-api-docs
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill downloads a file from https://cloud.agenta.ai/api/openapi.json. This domain is not on the trusted source list, introducing a dependency on an external endpoint's integrity.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill uses the downloaded JSON file as input for npm run gen-api-docs. This is an indirect remote code execution vector because malicious data in the specification could potentially exploit vulnerabilities in the Docusaurus plugin or inject malicious MDX/JavaScript into the documentation site. Severity is reduced from HIGH to MEDIUM as this is the primary intended function of the skill.
- [COMMAND_EXECUTION] (LOW): The skill executes multiple shell commands including npm install and npm run start, which interact with external dependencies and the local file system.
- [PROMPT_INJECTION] (LOW): The skill has an attack surface for indirect prompt injection via the ingested OpenAPI spec.
  1. Ingestion points: docs/docs/reference/openapi.json.
  2. Boundary markers: Absent; no markers are used to delimit the external data.
  3. Capability inventory: npm run gen-api-docs (content generation) and npm run start (local server execution).
  4. Sanitization: Absent; the skill relies on default plugin behavior for JSON processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://cloud.agenta.ai/api/openapi.json - DO NOT USE without thorough review
Audit Metadata