skills/jeremylongshore/claude-code-plugins-plus-skills/building-api-authentication/Gen Agent Trust Hub
building-api-authentication
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill employs a restricted Bash tool, limiting command execution to patterns starting with 'api:auth-*', which adheres to the principle of least privilege and prevents arbitrary command execution.
- [DATA_EXFILTRATION]: Data access is confined to local API specifications and the project source directory for the purpose of scaffolding and implementation. No evidence of unauthorized data transfer to external domains or exfiltration of sensitive files was identified.
- [PROMPT_INJECTION]: The skill processes local API specifications, which presents a surface for indirect prompt injection.
  1. Ingestion points: The agent reads API specifications from {baseDir}/api-specs/ as defined in SKILL.md.
  2. Boundary markers: Absent; the skill does not define clear delimiters for the ingested content.
  3. Capability inventory: Includes file system access (Read, Write, Edit, Grep, Glob) and restricted Bash execution.
  4. Sanitization: No explicit validation or sanitization of the specification files is performed prior to processing.
Audit Metadata