api-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill presents a surface for indirect prompt injection because it is designed to ingest and analyze untrusted project files.
  - Ingestion points: The scripts/api_validator.py script and the allowed Read, Glob, and Grep tools enable the agent to read content from arbitrary project directories provided by the user.
  - Boundary markers: The validation script and the content map do not define explicit boundary markers or instructions to the agent to distinguish between its own logic and instructions that might be embedded within the source code or OpenAPI specifications being analyzed.
  - Capability inventory: The skill is granted Write and Edit permissions across the codebase, meaning an instruction hidden in a code comment (e.g., in a file scanned by the validator) could potentially trick the agent into performing unauthorized file modifications or deletions.
  - Sanitization: The validation script performs regex-based checks but does not sanitize or escape the content of the files before it is processed by the agent.
Audit Metadata