apifox-mock
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs file system operations that involve reading local source code from directories such as @/api/ and interface/, and writing new .js and .ts files to the project's root or component directories.
- [COMMAND_EXECUTION]: The skill instructions direct the agent to modify existing .vue files by commenting out actual API calls and injecting imports for the generated mock data. Modifying existing source code is a high-privilege operation that requires careful verification.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests potentially untrusted data from interface files and JSDoc comments and uses this data to generate executable scripts. 1. Ingestion points: @/api/xxx/controller, interface/apiTypes/, .vue files. 2. Boundary markers: Absent. 3. Capability inventory: File-write (.js, .ts), File-modify (.vue). 4. Sanitization: Absent. There are no documented boundary markers or sanitization processes to ensure that malicious content within comments or types doesn't influence the generated code's logic.
Audit Metadata