generating-rest-apis

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to parse external specification files (OpenAPI) and database models to generate code, creating a surface for indirect prompt injection.
  • Ingestion points: Project scanning occurs in SKILL.md (Step 1) and references/implementation.md (Step 1) using the Glob and Read tools.
  • Boundary markers: There are no instructions for the agent to use delimiters or ignore potentially malicious embedded instructions within the source specifications.
  • Capability inventory: The skill possesses the ability to write files (Write, Edit) and execute scaffolding commands (Bash(api:rest-*)), which could be leveraged if instructions are injected via project files.
  • Sanitization: The skill documents validation logic for the generated output (e.g., Zod, Pydantic), but lacks descriptions of sanitization or safety checks for the agent's ingestion of the initial specifications.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 02:33 AM