patterns-api-contracts
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a local Python script (
scripts/validate-openapi.py) for validating OpenAPI specifications. The script performs read-only operations on a user-provided file path and outputs a JSON report. It usesyaml.safe_load()which prevents arbitrary code execution during parsing. - [PROMPT_INJECTION]: The instructions are strictly focused on API design patterns and conventions. No override markers, bypass attempts, or suspicious role-play instructions were detected.
- [DATA_EXFILTRATION]: No network-bound operations (e.g., curl, wget) or access to sensitive local file paths (e.g., credentials) are present in the skill or the included script.
- [EXTERNAL_DOWNLOADS]: The validation script identifies
pyyamlas an optional dependency for YAML support but does not attempt to automatically install or download it. - [REMOTE_CODE_EXECUTION]: No remote code execution patterns or dynamic execution of untrusted code were identified. The included script is static and focuses on syntax and convention linting.
Audit Metadata