api-test-suite-builder
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides automated utilities for API testing, including contract validation, coverage analysis, and test scaffold generation. All behaviors align with the stated purpose.
- [SAFE]: Analysis of the Python scripts (
contract_validator.py,coverage_analyzer.py,test_generator.py) confirms they use standard libraries (json,re,argparse,pathlib) for processing local files without any network connectivity or unsafe dynamic execution (eval/exec). - [SAFE]: No hardcoded credentials, API keys, or sensitive file path access (e.g., .ssh, .aws) were found. The skill operates strictly on project source code and API specifications provided by the user.
- [SAFE]: Shell commands provided in
SKILL.mdfor route detection are standard development workflows usinggrep,find, andsedto locate API endpoints in various web frameworks. - [SAFE]: No obfuscation, hidden URLs, or multi-layer encoding techniques were detected in the instructions or script code.
- [SAFE]: The skill ingests untrusted data (OpenAPI JSON specs), which is a standard data ingestion surface for this category of tool. The processing is handled using safe JSON parsing and basic string sanitization for generated code identifiers.
Audit Metadata