api-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to indirect prompt injection because it is designed to ingest and analyze untrusted content from a user's project directory while possessing powerful write and execution tools.
  - Ingestion points: Project files and directory structures accessed via the Read, Glob, and Grep tools, as well as the input processed by api_validator.py.
  - Boundary markers: Absent. The skill provides no instructions to the agent to treat external file content as data rather than instructions.
  - Capability inventory: The skill uses the Write and Edit tools and executes a Python script, providing a path for malicious instructions in a project file to trigger unauthorized code changes or system commands.
  - Sanitization: Absent. There is no evidence of input validation or content sanitization before processing project data.
- [Command Execution] (MEDIUM): The skill defines a command to execute a local Python script, api_validator.py, with a user-supplied <project_path>. If the script does not properly sanitize this input, it could be vulnerable to command injection or path traversal.
Recommendations
- AI detected serious security threats
Audit Metadata