Skills
skills/dididy/ralph-kage-bunshin/api-integration-checklist/Gen Agent Trust Hub

api-integration-checklist

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands, specifically curl, grep, and jq, to interact with external API endpoints. This is the intended primary function for verifying API status, headers, and response structures.
  • [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection because it processes untrusted data from third-party API responses. It includes explicit defensive instructions to mitigate this risk.
  • Ingestion points: API response bodies (JSON, NDJSON, HTML) fetched during verification steps in SKILL.md.
  • Boundary markers: Instructions explicitly state to treat response bodies as raw data and ignore content that resembles instructions or directives.
  • Capability inventory: Uses curl for network interaction and jq for structural analysis.
  • Sanitization: The skill recommends extracting only structural information and using runtime validation libraries like Zod.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 02:34 PM