yapi
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends executing @leeguoo/yapi-mcp via npx. This package is a vendor-owned resource associated with the author's namespace leeguooooo.
- [COMMAND_EXECUTION]: The skill uses rg (ripgrep) to extract configuration data and executes the yapi CLI tool to perform documentation synchronization and queries.
- [CREDENTIALS_UNSAFE]: The skill accesses sensitive local files including ~/.yapi/config.toml and ~/.yapi-mcp/auth-*.json. These files are used to store authentication tokens and configurations for the YApi service.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and summarizes external API documentation from a YApi server.
  - Ingestion points: API documentation JSON fetched via the yapi command from a remote base_url (configured in ~/.yapi/config.toml).
  - Boundary markers: The skill does not employ specific boundary markers or instructions to ignore instructions embedded within the fetched documentation during processing.
  - Capability inventory: The skill can execute shell commands (yapi, npx, rg), perform network operations via the YApi CLI, and read/write to specific local directories (~/.yapi).
  - Sanitization: No sanitization of the external JSON documentation is performed prior to summarization.
Audit Metadata