api-tests
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection (`!command`) in `SKILL.md` for project structure discovery, including identifying lock files, project manifests, and existing test directories. These operations are limited to local file system queries and do not involve sensitive data access or network activity at load time.
- [REMOTE_CODE_EXECUTION]: The skill automates the installation of external dependencies such as `@pact-foundation/pact`, `ajv`, and `zod` via standard package managers (`bun`, `uv`). These are well-established, industry-standard packages for API validation and contract testing.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from project files (e.g., `package.json`, OpenAPI specifications) to generate code and CI/CD configurations. Ingestion points: local manifests and spec files (`SKILL.md`). Boundary markers: absent. Capability inventory: tool usage for Bash (`curl`, `http`, `jq`), file writing, and editing. Sanitization: no explicit escaping or validation of ingested content was observed. A maliciously crafted project file could potentially influence the agent's file-writing behavior.
- [DATA_EXFILTRATION]: The CI/CD workflow template in `REFERENCE.md` includes a `curl` command to publish contract artifacts to a Pact Broker. This process correctly utilizes secrets for sensitive parameters (`PACT_BROKER_URL`, `PACT_BROKER_TOKEN`), following secure DevOps practices.
Audit Metadata