configure-api-tests
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like 'find', 'grep', and 'pwd' for environment discovery and executes 'bun' or 'uv' to install testing dependencies.
- [EXTERNAL_DOWNLOADS]: Configures the installation of well-known libraries such as @pact-foundation/pact and zod from official registries.
- [DATA_EXFILTRATION]: Provides a CI/CD template for publishing pact files via 'curl'. This is standard behavior for contract testing and uses environment secrets for authentication.
- [PROMPT_INJECTION]: The skill ingests untrusted metadata from package.json and openapi.yaml. This surface is considered safe as the skill performs presence detection and metadata reporting rather than interpreting the data as instructions. 1. Ingestion points: package.json, openapi.yaml. 2. Boundary markers: Uses specific search patterns. 3. Capability inventory: File writing, bash execution. 4. Sanitization: Uses static boilerplate templates.
Audit Metadata