api-mock-server
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill acts as an Indirect Prompt Injection surface by allowing the creation of mock API responses with arbitrary content.
- Ingestion points: Mock route configurations, including the response body and event data, are ingested via the `/_api/routes` POST and PUT endpoints in `scripts/server.js` and stored in `scripts/data/routes.json`.
- Boundary markers: The skill does not implement or recommend the use of delimiters or 'ignore' instructions when serving mock data to an agent.
- Capability inventory: The skill can write to the local filesystem and terminate its own execution process.
- Sanitization: No sanitization or safety filtering is applied to the mock response content, meaning an attacker could configure the mock server to return malicious instructions that a downstream agent might follow.
- [DATA_EXFILTRATION]: The server binds to `0.0.0.0` by default in `scripts/server.js`. This makes the admin management panel and all configured mock APIs accessible to any device on the local network. While an optional password can be configured via environment variables, the default configuration exposes the server's data and management capabilities to the network.
- [COMMAND_EXECUTION]: The server provides a management API endpoint at `/_api/shutdown` which executes `process.exit(0)` when receiving a POST request. This allows for the remote termination of the server process, impacting the availability of the mock services.
Audit Metadata