emitting-api-events
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it processes external, untrusted data to drive its tasks.\n
- Ingestion points: The skill reads API specifications from the
{baseDir}/api-specs/directory as part of the design and implementation process (defined inSKILL.mdandimplementation.md).\n - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are provided to the agent when it reads these external files.\n
- Capability inventory: The skill is authorized to use
Bash(api:events-*),Write, andEdittools, allowing it to execute commands and modify the filesystem based on the data it ingests.\n - Sanitization: There is no evidence of input validation or sanitization for the data read from the API specifications.\n- Dynamic Execution (LOW): The skill uses a restricted Bash tool to generate boilerplate code. While the command usage is constrained by a specific pattern (
api:events-*), generating and running code based on external specifications qualifies as low-severity dynamic execution from templates (Category 10).
Audit Metadata