scanning-api-security

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, such as prompt injection, obfuscation, or unauthorized data exfiltration, were identified. The skill employs a restricted toolset and operates on local files, which minimizes the attack surface.
  • [INDIRECT_PROMPT_INJECTION]: The skill includes instructions to read API specifications from local storage, which could potentially contain malicious content if the source is untrusted. However, the restrictive toolset (api:security-*) limits the risk of harmful outcomes.
      • Ingestion points: {baseDir}/api-specs/ (SKILL.md, implementation.md)
      • Boundary markers: Absent
      • Capability inventory: Read, Write, Edit, Grep, Glob, Bash(api:security-*)
      • Sanitization: Absent
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 11:18 AM