api-documenter
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes local Python scripts (
generate_openapi.pyandvalidate_openapi.py) to automate documentation tasks. These scripts are transparent and use standard library modules.\n- [INDIRECT_PROMPT_INJECTION] (LOW): Potential for schema confusion exists inscripts/generate_openapi.pyas it interpolates CLI arguments directly into a YAML template. \n - Ingestion points: CLI arguments passed to the generation script (e.g.,
--name,--base-url) inscripts/generate_openapi.py.\n - Boundary markers: None identified; inputs are directly placed into the document structure.\n
- Capability inventory: Local file write and edit access through the
WriteandEdittools.\n - Sanitization: Absent; the script does not escape YAML delimiters or check for newline injection that could alter the YAML schema structure.\n- [DATA_EXFILTRATION] (SAFE): No evidence of network communication, credential harvesting, or access to sensitive system directories was found during the analysis of the provided scripts.
Audit Metadata