api-docs
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and process untrusted data from the local project source code. \n
- Ingestion points: API controller classes and model definitions found in the workspace (documented in Agent Instructions steps 1 and 2). \n
- Boundary markers: Not present; the instructions do not include delimiters or specific commands to ignore instructions within the analyzed code. \n
- Capability inventory: The skill has the capability to write multiple files to the local file system, including openapi.yaml, README.md, and postman-collection.json (documented in Agent Instructions steps 5, 6, and 7). \n
- Sanitization: No sanitization or validation logic is specified for the content extracted from the code before it is used to generate files.\n- [NO_CODE]: The skill consists entirely of natural language instructions and documentation templates. There are no scripts (Python, Bash, JS) or binary files included in the skill.
Audit Metadata