api-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions, bypass markers, or role-play injections were detected.
- [Data Exposure] (SAFE): No sensitive file paths, hardcoded credentials, or network exfiltration patterns were found.
- [External Downloads] (SAFE): No remote scripts or unverifiable dependencies are downloaded; the skill only mentions a standard npm generation script without providing the implementation.
- [Indirect Prompt Injection] (LOW): The skill describes a workflow involving OpenAPI specifications, creating a potential surface for indirect injection if specifications are untrusted. 1. Ingestion points: orchestrator/openapi/*.yaml files. 2. Boundary markers: None identified in documentation. 3. Capability inventory: Mentions client code generation (npm run generate:client), though the logic is external to this skill. 4. Sanitization: None identified.
Audit Metadata