get-api-docs
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the chub CLI for searching, retrieving, and annotating API documentation, which is consistent with the vendor's stated purpose.
- [DATA_EXFILTRATION]: The skill uses the chub feedback command to send documentation ratings to an external registry. This is a functional feature for data quality and does not involve sensitive system information.
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation content from a remote registry via the chub get command.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external sources. 1. Ingestion points: Documentation content retrieved from the chub get command. 2. Boundary markers: No delimiters or isolation instructions are provided to the agent for the fetched content. 3. Capability inventory: The agent has access to execute chub CLI subcommands. 4. Sanitization: No sanitization or validation of the external documentation is performed before processing.
Audit Metadata