api-analyzer
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill functions as a text-based validator for API requests.
- [PROMPT_INJECTION]: The skill processes user-supplied HTTP request data which presents a surface for indirect prompt injection. However, the skill's restricted output format (one or two lines) and lack of dangerous capabilities mitigate this risk.
- Ingestion points: User-provided API details (method, URL, headers, body) processed during analysis.
- Boundary markers: None; the skill does not use specific delimiters to isolate user-provided data from instructions.
- Capability inventory: Limited to text analysis and conditional invocation of an internal 'API Documentation' skill.
- Sanitization: No explicit sanitization or validation of the content within HTTP headers or bodies is performed.
Audit Metadata