api-designer
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's instructions and logic are consistent with its stated purpose of assisting in API design. No malicious patterns, obfuscation, or unauthorized exfiltration attempts were identified.
- [COMMAND_EXECUTION]: The skill uses local Python scripts (
scripts/generate_api.pyandscripts/validate_api.py) to automate documentation tasks. These scripts rely on standard Python libraries (pathlib, argparse) for file operations and do not execute arbitrary shell commands or remote payloads. - [EXTERNAL_DOWNLOADS]: The skill references external resources from well-known and trusted sources, including official documentation for GraphQL, REST API tutorials, and Microsoft's API guidelines on GitHub. These references are used for informational purposes.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it is designed to read and process API specifications.
- Ingestion points:
scripts/validate_api.py(reads input files),SKILL.md(describes reviewing existing designs). - Boundary markers: Absent.
- Capability inventory: Bash (execution of local scripts), Read, Write, WebFetch.
- Sanitization: None identified in the provided scripts.
Audit Metadata