mocking-apis

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external data that could contain malicious instructions (Indirect Prompt Injection surface).
      • Ingestion points: Reads API specifications from {baseDir}/api-specs/ using the Read tool.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the specification content as untrusted data.
      • Capability inventory: The agent can write/edit files and execute restricted bash commands (Bash(api:mock-*)).
      • Sanitization: No input validation or sanitization is performed on the ingested API specifications.
  • [COMMAND_EXECUTION]: The skill utilizes a restricted bash tool environment.
      • Evidence: The skill is configured with allowed-tools: Bash(api:mock-*), which limits command execution to a specific set of vendor-defined utilities for API mocking.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 12:43 AM