managing-api-cache

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external API specifications from {baseDir}/api-specs/ to generate code and configure system components.
      • Ingestion points: API specifications are read from {baseDir}/api-specs/, as specified in the instructions of SKILL.md and references/implementation.md.
      • Boundary markers: The instructions define no delimiters and give the agent no warning to ignore instructions that might be embedded in the processed data files.
      • Capability inventory: The skill allows the use of the Bash(api:cache-*), Write, and Edit tools (as seen in SKILL.md), which can be leveraged to execute commands or modify source code based on potentially malicious input.
      • Sanitization: There is no evidence of input validation, escaping, or sanitization of the content read from the API specifications before it is used in downstream tasks such as code generation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 05:22 PM