pentest-api-deep
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Findings: NO_CODE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- NO_CODE (SAFE): The analyzed files consist entirely of Markdown documentation and function signatures. No executable scripts (Python, JavaScript, or Bash) were found within the skill.
- COMMAND_EXECUTION (LOW): The skill defines tool interfaces (e.g., kiterunner_scan, grpcurl_call) that wrap the execution of external CLI tools. While these are network-active capabilities, they are consistent with the primary purpose of a penetration testing skill and show no malicious implementation.
- Indirect Prompt Injection (LOW): (Category 8) The skill identifies an attack surface where the agent processes untrusted data from external APIs, which could contain malicious instructions designed to influence the agent's behavior.
  - Ingestion points: API documentation (OpenAPI/Swagger), GraphQL introspection schemas, and gRPC reflection data (references/tools.md and references/workflows.md).
  - Boundary markers: None identified; the documentation does not specify the use of delimiters or 'ignore' instructions for ingested data.
  - Capability inventory: Active network interaction and command-line execution via tools like grpcurl and kiterunner.
  - Sanitization: No sanitization or validation logic is defined in the provided workflow.
Audit Metadata