Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/validating-api-responses/Gen Agent Trust Hub

validating-api-responses

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external API specifications to drive its code generation and testing logic.
  • Ingestion points: Instruction 1 in SKILL.md and Step 1 in references/implementation.md describe reading OpenAPI specifications from the local environment.
  • Boundary markers: There are no defined delimiters or instructions to ignore embedded prompts within the API specifications.
  • Capability inventory: The skill uses the Write tool to create middleware files and the Bash(api:validate-*) tool to generate scaffolding and execute contract tests.
  • Sanitization: The instructions do not specify any sanitization or validation of the input data before it is used to generate executable code or test commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 04:38 PM