building-api-gateway
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface.
  1. Ingestion points: It reads API specifications from '{baseDir}/api-specs/' as specified in SKILL.md and references/implementation.md.
  2. Boundary markers: The instructions do not provide delimiters or 'ignore' directives to separate data from instructions.
  3. Capability inventory: The skill possesses 'Write', 'Edit', and 'Bash(api:gateway-*)' capabilities.
  4. Sanitization: There is no evidence of sanitization or validation logic applied to the ingested specification files.
- [COMMAND_EXECUTION]: The Bash tool is restricted to the 'api:gateway-*' prefix, which is a defensive measure that limits the agent to a predefined set of safe, gateway-specific commands.