alova-wormhole-usage
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documents the capability to fetch OpenAPI/Swagger specifications from remote URLs as part of the normal API code generation workflow.
- [COMMAND_EXECUTION]: Instructions are provided for running CLI commands such as 'npx alova gen' and 'npx alova init', which are required to initialize and execute the code generation process.
- [REMOTE_CODE_EXECUTION]: The documentation describes a code generation pipeline that transforms external specification data into executable JavaScript or TypeScript functions.
- Ingestion points: The tool reads OpenAPI specifications from URLs provided in the configuration's 'input' field.
- Boundary markers: There are no documented boundary markers used to distinguish or isolate instructions within the fetched specifications.
- Capability inventory: The generation process involves writing source files to a local 'output' directory and executing user-defined transformation logic via the 'handleApi' hook.
- Sanitization: The documentation does not mention specific sanitization or validation of the remote specification content prior to code generation.
Audit Metadata