api-documenter
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions, role-play jailbreaks, or safety bypasses were detected in the skill definition.
- [Remote Code Execution] (SAFE): No remote script downloads, piped bash executions, or untrusted package installations were found.
- [Data Exfiltration] (SAFE): No network operations (curl, wget) or access to sensitive local files (credentials, SSH keys) were identified.
- [Command Execution] (SAFE): The skill executes local validation scripts (Python and Node.js). These scripts are static mock implementations that do not use dangerous parameters or elevated privileges.
- [Indirect Prompt Injection] (LOW): While the skill is designed to process external OpenAPI specification files, the current validator scripts do not interpret or execute the file contents, minimizing the risk of data-driven instruction injection.
Audit Metadata