generating-grpc-services
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests external data to guide code generation and system modification.
- Ingestion points: The skill reads existing API specifications from the
{baseDir}/api-specs/directory as described in bothSKILL.mdandreferences/implementation.md. - Boundary markers: No explicit delimiters or instructions are provided to the agent to isolate the specification content from its operational instructions.
- Capability inventory: The skill has the capability to write and edit files, and execute commands via
Bash(api:grpc-*)based on the processed inputs. - Sanitization: There is no evidence of input validation or sanitization for the data read from the specification files before it is used to drive tool calls.
Audit Metadata