api-design-principles
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (INFO): The skill is designed to analyze user-provided API specifications, which is a vector for indirect prompt injection. \n
- Ingestion points: API design inputs and specifications (SKILL.md). \n
- Boundary markers: Absent. \n
- Capability inventory: The skill only generates text/architectural guidance; no subprocess, file-write, or network capabilities are present. \n
- Sanitization: None. \n- Security Best Practices (LOW): The REST API template includes permissive '*' settings for CORS and Trusted Hosts. \n
- Evidence: assets/rest-api-template.py contains allowed_hosts=[""] and allow_origins=[""]. These are identified as TODO items for production.
Audit Metadata