api-rate-limiting
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill contains educational content and code snippets for implementing rate limiting in Node.js and Python.
- [COMMAND_EXECUTION]: A shell script scripts/validate-api.sh is included but contains only placeholder logic and does not perform any dangerous operations.
- [INDIRECT_PROMPT_INJECTION]: The skill processes API specifications (OpenAPI) and user-provided identifiers (IP/User ID) in its logic. While this represents a data ingestion surface, the provided code is for implementation guidance and does not execute untrusted logic within the agent's restricted environment.
- Ingestion points: templates/api-scaffold.yaml (OpenAPI structure), req.user.id (runtime user identifier).
- Boundary markers: None.
- Capability inventory: None (the skill provides templates, it does not execute them).
- Sanitization: None.
Audit Metadata