Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/validating-api-schemas/Gen Agent Trust Hub

validating-api-schemas

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from API specifications to guide its actions.
  • Ingestion points: The skill reads API specifications from the {baseDir}/api-specs/ directory using the Read tool.
  • Boundary markers: There are no instructions or delimiters defined to ensure the agent ignores malicious instructions that might be embedded within those specification files.
  • Capability inventory: The agent possesses capabilities to modify the filesystem via Write and Edit, and can execute framework scaffolding commands via Bash(api:schema-*).
  • Sanitization: No sanitization or validation logic is present to filter out potential instructions hidden in the data being processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 12:33 AM