apix
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation provides an installation method using a
curl | shpattern fromhttps://apix.sh/install. This is the official installation script for the vendor tool and originates from the author's verified domain. - [COMMAND_EXECUTION]: The tool executes
gitcommands via subprocesses (e.g.,git clone,git pull,git sparse-checkout) to synchronize API registries and vaults from remote repositories. - [DATA_EXFILTRATION]: The
apix callcommand includes a feature to read local file contents and include them in the request body using the@prefix (e.g.,-d @file.json). While a standard feature of API clients, agents should use this capability with caution when handling sensitive local files. - [PROMPT_INJECTION]: The skill processes external OpenAPI specifications and markdown files. There is a surface for indirect prompt injection if an adversary provides a malicious API specification containing instructions in summaries or descriptions.
- Ingestion points: OpenAPI JSON/YAML specs via
apix import, and markdown vault files viasearch,peek, andshowcommands. - Boundary markers: The tool uses standard YAML frontmatter and Markdown headers to delimit data, but does not provide explicit instruction-bypass filtering.
- Capability inventory: Network requests and file read capabilities are available via the
apix callcommand. - Sanitization: Content is parsed into structured formats, but text descriptions are rendered as provided in the source files.
Audit Metadata