automating-api-testing

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The file scripts/generate_test_suite.py contains a generate_script method that constructs shell scripts from input templates and uses chmod to make them executable.
  • [REMOTE_CODE_EXECUTION]: The skill architecture processes external API specifications to generate test code which is then executed. This creates a potential path for untrusted data to trigger the execution of malicious commands via the Bash tool.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
      1. Ingestion points: API definition files (OpenAPI/Swagger/GraphQL) loaded via the Read tool in SKILL.md.
      2. Boundary markers: None identified in instructions or code generation templates.
      3. Capability inventory: Write (test files), Edit, and Bash(test:api-*) as defined in SKILL.md.
      4. Sanitization: No evidence of validation or sanitization of content extracted from API specifications before use in code generation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 11, 2026, 10:46 PM