generating-api-docs
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes external OpenAPI specifications to audit and generate documentation, which creates a surface for indirect prompt injection (Category 8).
- Ingestion points: Reads OpenAPI specifications from the local filesystem as described in SKILL.md and implementation.md.
- Boundary markers: Absent; there are no specific delimiters or instructions to ignore embedded instructions within the ingested specifications.
- Capability inventory: The skill has access to Bash, Write, and Edit tools to modify files and execute commands.
- Sanitization: Absent; the skill does not perform validation or escaping of the ingested specification content.
- [COMMAND_EXECUTION]: The skill includes code examples that use dynamic execution, specifically 'execSync' to run CLI tools like Redocly for documentation versioning (references/examples.md).
- [EXTERNAL_DOWNLOADS]: The skill utilizes external tools such as @redocly/cli via npx and incorporates GitHub Actions for automated documentation deployment. Redocly is a well-known provider of API documentation solutions.
- [CREDENTIALS_UNSAFE]: The documentation templates and code examples include hardcoded mock API keys and Bearer tokens (e.g., 'sk_live_abc123...', 'Bearer eyJhbG...') intended as documentation placeholders (references/examples.md).
Audit Metadata