api-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill performs static analysis of Python source code using the ast module to identify whitelisted API endpoints. This is a legitimate diagnostic function. Found in: scan_api_endpoints.py.
- Indirect Prompt Injection (LOW): The tool ingests Python code and extracts docstrings into a report. Ingestion: scan_api_endpoints.py; Boundary markers: Absent; Capability: Local file writing and subprocess testing; Sanitization: None. This represents a minor surface risk typical of data-processing tools. Found in: scan_api_endpoints.py.
- Command Execution (SAFE): The test suite executes the scanner script locally using subprocess.run, which is standard testing practice and poses no security risk. Found in: test_scanner.py.
Audit Metadata