api-documentation
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process user-provided source code and API specifications to generate documentation. While this represents a surface for indirect prompt injection, the skill does not possess capabilities to execute the processed data or perform sensitive network/file operations. It also includes explicit constraints prohibiting the use of real credentials in examples.
- [EXTERNAL_DOWNLOADS]: The skill mentions well-known Node.js packages such as 'swagger-ui-express' and 'yamljs' within code snippets provided for developer guidance. These are standard libraries for the skill's stated purpose and are not automatically installed or executed by the agent.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access mechanisms were detected. The skill follows security best practices by instructing the agent to use placeholders for sensitive information.
Audit Metadata