download-openapi
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads data from user-specified URLs using the @aptx/frontend-tk-cli package. This package is identified as a resource provided by the skill author haibaraaiaptx.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. * Ingestion points: Untrusted content is fetched from remote URLs provided by the user and saved to local files like openapi.json. * Boundary markers: No explicit markers or ignore-instructions headers are added to the downloaded file to prevent the agent from following instructions embedded in the API spec. * Capability inventory: The skill writes to the local filesystem, and the resulting file is intended to be passed to other generative skills. * Sanitization: The skill performs JSON syntax validation but does not sanitize or filter the content of the OpenAPI specification for malicious prompt injection instructions.
Audit Metadata