api-contract-testing
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow includes an optional consistency check that executes a local Python script: `python3 ../api-design-rest/scripts/validate_api_contract.py --manifest <path/to/manifest.json>`. This command is used for validating API manifests and targets local files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external data.
- Ingestion points: The skill ingests 'Provider API specification' and 'Consumer expectations' as inputs in SKILL.md.
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the ingested specifications are provided.
- Capability inventory: The skill has the capability to execute local subprocesses via the mentioned validation script.
- Sanitization: There is no mention of sanitization or validation of the input specifications before processing.
Audit Metadata