openapi-spec-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION NO_CODE
Full Analysis
- Data Exposure & Exfiltration (LOW): The skill's metadata requests the Bash(curl:*) tool. This provides the agent with an unrestricted capability to perform network requests, which could be used to exfiltrate data if the agent is manipulated while handling sensitive files.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted user input to generate API specifications, creating a surface for indirect prompt injection.
  - Ingestion points: User-provided API requirements and patterns mentioned in requests (SKILL.md).
  - Boundary markers: Absent; there are no instructions for the agent to treat input as data or to ignore embedded commands.
  - Capability inventory: Access to Read, Write, Edit, and Bash(curl:*) allows for potential file modification or exfiltration of the generated content.
  - Sanitization: No sanitization or validation logic is defined to filter malicious instructions from user input.
- No Code Shipped (SAFE): Aside from the YAML metadata and instructional markdown, the skill does not include any accompanying scripts or executables, reducing the direct execution risk.
Audit Metadata