api-design-restful
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- Category 1: Prompt Injection (SAFE): No behavior override or safety bypass markers detected.
- Category 2: Data Exposure & Exfiltration (SAFE): No hardcoded secrets, sensitive paths, or exfiltration logic found.
- Category 3: Obfuscation (SAFE): Content is clearly readable without encoded or hidden text.
- Category 4: Unverifiable Dependencies & Remote Code Execution (SAFE): Only references well-known Node.js libraries (express, zod, express-rate-limit).
- Category 5: Privilege Escalation (SAFE): No attempts to acquire elevated permissions (sudo, chmod) found.
- Category 6: Persistence Mechanisms (SAFE): No shell profile modifications or task scheduling detected.
- Category 7: Metadata Poisoning (SAFE): Metadata fields are descriptive and contain no executable instructions.
- Category 8: Indirect Prompt Injection (LOW): The skill provides documentation only and does not process external untrusted data into prompts, though its allowed-tools include file and command execution capabilities.
- Category 9: Time-Delayed / Conditional Attacks (SAFE): No conditional triggers or logic gating malicious actions based on time/environment.
- Category 10: Dynamic Execution (SAFE): No runtime code generation or unsafe deserialization of untrusted data.
Audit Metadata