senior-backend
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external input through its automation scripts, creating a surface for indirect prompt injection.
  - Ingestion points: `scripts/api_scaffolder.py` parses OpenAPI specifications (YAML/JSON), and `scripts/database_migration_tool.py` parses SQL schema files provided by the user.
  - Boundary markers: The scripts do not implement delimiters or instructions to ignore or sanitize embedded instructions within the processed data.
  - Capability inventory: `api_scaffolder.py` generates and writes TypeScript route handlers and validators to the local filesystem; `database_migration_tool.py` generates and writes SQL migration scripts.
  - Sanitization: Data from external specifications is interpolated into code templates with minimal sanitization, potentially allowing an attacker to inject malicious code or logic into the generated output files.
- [COMMAND_EXECUTION]: The skill includes utility scripts that perform network operations and file system modifications.
  - `scripts/api_load_tester.py` executes network requests to user-provided URLs. This could be leveraged to perform internal network scanning or Server-Side Request Forgery (SSRF).
  - `scripts/api_load_tester.py` contains a `--no-verify-ssl` flag that explicitly disables SSL certificate verification (`ssl.CERT_NONE`), exposing the agent to man-in-the-middle attacks if used against untrusted or production endpoints.
Audit Metadata