api-integration-architect

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection due to its primary function of ingesting and processing data from external sources (APIs and WebSockets).
    • Ingestion points: Data enters the agent's context through Axios requests in hooks/useUser.ts and hooks/useInfiniteScroll.ts, Apollo GraphQL queries in apollo-client.ts, and WebSocket messages in hooks/useWebSocket.ts.
    • Boundary markers: The skill lacks explicit boundary markers or instructions for the agent to treat API/WebSocket responses as untrusted data, increasing the risk that embedded instructions in the data could be obeyed.
    • Capability inventory: The skill definition in SKILL.md grants the agent access to high-privilege tools including Bash, Task, Write, and Edit, which could be exploited if an attacker-controlled API response triggers malicious tool usage.
    • Sanitization: No data validation, schema enforcement, or content sanitization is present in the provided implementation examples.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 05:55 AM