rest-endpoint-designer
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest and process external REST patterns and API designs. It lacks explicit boundary markers or instructions to sanitize or disregard instructions embedded within the technical specifications it analyzes.
- [Data Exfiltration] (MEDIUM): The skill explicitly allows the Bash(curl:*) tool. Because the skill's purpose involves working with external API designs, there is a risk that a malicious specification could trick the agent into exfiltrating local configuration data or credentials via curl.
- [Command Execution] (LOW): Access to Bash (even if restricted to curl) and Edit tools provides the agent with significant environment modification capabilities. While necessary for the stated purpose, these capabilities should be monitored to prevent unintended side effects from instructions found in untrusted API docs.
Audit Metadata