proto-api-generator
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is well-structured and follows a strict design methodology. It includes extensive local reference documentation for API definitions, error handling, and router conflict resolution.
- [EXTERNAL_DOWNLOADS]: Documentation within the skill references official go-sphere tools (e.g.,
protoc-gen-sphere-errors) and documentation hosted on GitHub and the official go-sphere domain. These are vendor-owned resources and are documented neutrally for the user's benefit. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to process external inputs such as user prompts, requirement documents, and folder structures. While this constitutes an ingestion surface, the risk is mitigated by the skill's narrow scope (generating text-based Protobuf definitions) and its mandatory validation checklists that ensure the output adheres to predefined scaffold rules.
- Ingestion points: User prompts, input folders, requirement documents, and mock data (identified in
SKILL.md). - Boundary markers: The workflow instructs the AI to treat input documents as "business truth" and to inspect provided folders only.
- Capability inventory: The skill produces Protobuf text output; it does not contain instructions for executing code, writing to the filesystem, or performing network operations.
- Sanitization: The skill employs a "Mandatory Pre-Output Checklist" and a "Final Gate" checklist (
references/go-sphere-api-definitions-checklist.md) to validate and sanitize the generated design before delivery.
Audit Metadata