api-design-principles
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The instructions in SKILL.md are standard task-oriented directions for API design and do not contain any attempt to override system prompts or bypass safety filters.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths were detected. The Python templates use placeholders and 'TODO' comments for security configurations like CORS and Trusted Host middleware.
- Obfuscation (SAFE): No encoded strings, zero-width characters, or homoglyphs were found in any of the files.
- Unverifiable Dependencies (SAFE): The skill references standard libraries and frameworks (FastAPI, Pydantic, GraphQL, aiodataloader) but does not include automated installation scripts or remote execution commands.
- Privilege Escalation (SAFE): No commands related to sudo, chmod, or system-level configuration changes were identified.
- Persistence Mechanisms (SAFE): The skill does not contain logic to modify shell profiles, cron jobs, or startup services.
- Indirect Prompt Injection (SAFE): While the skill is designed to 'review API specifications' (an external data ingestion surface), it does not provide the agent with executable tools or dangerous capabilities that could be exploited by malicious input data. It is primarily a knowledge-based resource.
- Dynamic Execution (SAFE): The included Python files are static templates. There are no instances of eval(), exec(), or runtime code generation based on user input.
Audit Metadata