apifox-mock-script-gen
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external API documentation content to generate functional scripts.\n
- Ingestion points: Documentation data retrieved through the mcp__apifox-api-docs-mcp__apifox_get_api_detail tool as defined in the execution flow of SKILL.md.\n
- Boundary markers: The skill does not implement explicit delimiters or safety instructions (e.g., "ignore embedded instructions") when processing documentation fields such as descriptions, summaries, or default values.\n
- Capability inventory: The skill generates JavaScript code for the Apifox Mock environment, utilizing the fox API and MockJs library for data generation and response control.\n
- Sanitization: There is no evidence of sanitization or structural validation for string content extracted from the API documentation before it is interpolated into the generated mock script logic.
Audit Metadata