Skills
skills/asebesta/claude-skills/bloomerang-api/Gen Agent Trust Hub

bloomerang-api

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWPROMPT_INJECTION
Full Analysis
  • Data Exposure & Exfiltration (SAFE): No sensitive data or hardcoded credentials were detected. Authentication examples correctly use the placeholder ''.
  • Unverifiable Dependencies & Remote Code Execution (INFO): The skill references a local file 'references/bloomerang-openapi.json' for documentation reference. This is a common and acceptable practice for API integration skills.
  • Indirect Prompt Injection (LOW):
  • Ingestion point: 'references/bloomerang-openapi.json' (external file reference)
  • Boundary markers: absent
  • Capability inventory: uses 'jq' and 'grep' for data retrieval and parsing
  • Sanitization: absent
  • Severity: LOW as the ingestion is for display and reference purposes only, lacking write or high-privilege execution capabilities.
  • Dynamic Execution (SAFE): No patterns of unsafe runtime compilation, library injection, or unsafe deserialization were identified.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 11:19 AM