api-tests
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs verified industry-standard testing libraries including Pact, AJV, Zod, and OpenAPI validation tools from official public registries (NPM and PyPI).
- [COMMAND_EXECUTION]: Utilizes Bash tools for environment inspection and configuration tasks, including package manager operations and project file scanning with jq, find, and grep.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes user-controlled project files like OpenAPI specifications.
- Ingestion points: Reads content from
package.json,pyproject.toml, andopenapi.yamlto detect project infrastructure. - Boundary markers: Content from these files is processed without explicit delimiters or instructions to ignore embedded instructions.
- Capability inventory: The skill has extensive file system access (Read, Write, Edit) and command execution (Bash) capabilities.
- Sanitization: No explicit validation or sanitization of project file content is performed before the agent processes it for reporting or configuration.
Audit Metadata