scanning-api-security
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes external API source code and specifications, which creates a potential surface for indirect prompt injection if the scanned files contain malicious instructions in comments or string literals.\n
- Ingestion points: Reads API route definitions, controller implementations, and OpenAPI specifications (SKILL.md).\n
- Boundary markers: No explicit delimiters are specified to separate analyzed code from instructions during scanning.\n
- Capability inventory: Includes file writing for reports and restricted Bash tool execution (SKILL.md).\n
- Sanitization: No explicit sanitization or filtering of scanned content is described.\n- [COMMAND_EXECUTION]: Uses standard security tools such as
npm audit,pip-audit, andgovulncheckfor identifying vulnerabilities, and includes examples usingexecSyncfor automation (references/examples.md).\n- [EXTERNAL_DOWNLOADS]: Interacts with public vulnerability databases during dependency scans and performs header validation against target API endpoints using network requests (references/examples.md).
Audit Metadata