api-security-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill's content is strictly documentation and educational templates intended for security professionals conducting authorized audits. No automated or hidden malicious functionality exists.- [COMMAND_EXECUTION] (SAFE): Contains bash and HTTP snippets for manual testing purposes (e.g., gobuster, jwt_tool). These are common industry-standard tools and are not executed automatically by the skill.- [DATA_EXFILTRATION] (SAFE): Includes a sample XXE payload targeting /etc/passwd as a testing example. This is clearly marked as a test case for input validation and does not constitute a malicious data exfiltration attempt by the skill itself.- [EXTERNAL_DOWNLOADS] (SAFE): References common security tools such as OWASP ZAP and rest-attacker for manual installation and use by the auditor.
Audit Metadata