generating-api-sdks
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted API specifications from the api-specs directory which could contain malicious instructions designed to influence the agent's behavior during code generation.
- Ingestion points: The skill reads existing API specifications from {baseDir}/api-specs/ as defined in SKILL.md and references/implementation.md.
- Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the processing logic.
- Capability inventory: The agent has access to Write, Edit, and Bash tools, allowing it to modify the file system and execute commands based on the processed specifications.
- Sanitization: There is no evidence of sanitization or validation of the ingested specification content before it is used in downstream operations.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool with a restricted command prefix (api:sdk-*) to perform scaffolding and code generation tasks. While restricted, this capability could be abused if the input specifications are malicious.
Audit Metadata