Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/generating-api-docs/Gen Agent Trust Hub

generating-api-docs

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external API specification files from the {baseDir}/api-specs/ directory, creating a risk for indirect prompt injection. Malicious instructions within these specs could manipulate the agent.
  • Ingestion points: Files in {baseDir}/api-specs/ read by the Read tool.
  • Boundary markers: None; the skill lacks delimiters or instructions to ignore embedded directives.
  • Capability inventory: Includes Write, Edit, and Bash(api:docs-*) tools.
  • Sanitization: No validation or sanitization of spec content is defined.
  • [COMMAND_EXECUTION]: The skill uses a restricted shell tool Bash(api:docs-*) for scaffolding. While restricted by a prefix, it is an execution surface that could be exploited via injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 05:30 PM