api-designer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Significant vulnerability to Indirect Prompt Injection. The skill is designed to ingest and process untrusted API designs from external sources (WebFetch) or local files (Read) while possessing dangerous capabilities.
  - Ingestion points: WebFetch (URL content) and Read (local files).
  - Boundary markers: None identified; the agent cannot distinguish between design data and malicious instructions.
  - Capability inventory: Bash, Write, and Edit tools enable arbitrary command execution and file manipulation.
  - Sanitization: No sanitization or validation of the processed content is performed.
- [COMMAND_EXECUTION] (HIGH): The included script 'generate_api.py' allows for arbitrary file writes via the --output argument. An attacker could use indirect prompt injection to force the agent to overwrite sensitive files like ~/.bashrc or other configuration files, leading to persistence or system compromise.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The installation instructions point to an untrusted repository 'Charon-Fan/agent-playbook', which is not in the list of trusted sources.
Recommendations
- AI detected serious security threats
Audit Metadata