revit-api
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection. The workflow in
SKILL.md(Step 0) instructs the agent to fetch untrusted data viaWebSearchto clarify ambiguous user queries. 1. Ingestion points:WebSearchresults and documentation JSON files. 2. Boundary markers: Absent; there are no instructions to the agent to treat search results as untrusted. 3. Capability inventory: Local Python script execution (scripts/search_api.py). 4. Sanitization: None. - [NO_CODE] (SAFE): Missing components. The script
scripts/extract_page.pyand the data filedata/api_index.jsonare referenced in theSKILL.mdinstructions but are not included in the provided file list, preventing a full security review of all executable parts of the skill.
Audit Metadata