api-mock-designer
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes external, untrusted API specifications to generate designs and documentation. A malicious specification could contain hidden instructions that the agent might follow while performing the task. 1. Ingestion points: External API specifications referenced in the SKILL.md analysis protocol. 2. Boundary markers: None; there are no instructions to treat parts of the input as data-only or to ignore embedded commands. 3. Capability inventory: The agent is instructed to write Markdown and JSON files to the docs/api-report/ directory. 4. Sanitization: None; the skill does not define any validation or filtering for the input specifications before they are processed.
- [NO_CODE]: The skill consists entirely of instructional Markdown and YAML configuration. It does not include any Python scripts, Node.js packages, or other executable binaries.
Audit Metadata