api-gateway-configurator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate and safe templates for configuring enterprise API gateways like Kong, AWS, and Tyk.
- [DATA_EXPOSURE]: Security credentials in all provided examples are correctly handled using environment variable placeholders (e.g.,
${env:API_KEY}and${JWT_SECRET}) rather than hardcoded secrets. - [INDIRECT_PROMPT_INJECTION]: The skill defines an interface for generating configurations based on user input, which creates a standard operational surface area. Evidence chain: 1. Ingestion points: User-provided parameters for service URLs, routes, and plugins. 2. Boundary markers: None present in the templates. 3. Capability inventory: Bash, Write, and Edit tools are enabled. 4. Sanitization: None implemented within the skill instructions. While this identifies a potential surface for indirect injection, the provided content itself is safe.
Audit Metadata