apideck-portman

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing the portman command-line tool to convert OpenAPI specifications into Postman collections and run tests. This is the intended primary function of the tool.
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of the @apideck/portman package from the NPM registry. This package is maintained by the skill author (Apideck) and is a standard dependency for the tool's operation.
  • [PROMPT_INJECTION]: The skill processes external OpenAPI specifications and configuration files, creating a potential surface for indirect prompt injection.
      • Ingestion points: OpenAPI specifications (via -l or -u flags) and configuration files (via -c flag).
      • Boundary markers: No explicit markers or instructions to ignore embedded commands are present in the documentation.
      • Capability inventory: The skill executes the portman CLI and executes JavaScript tests via the Newman runner.
      • Sanitization: No explicit sanitization of input data is described in the skill instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 08:39 PM