core-principles
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): The agent execution rules are benign, task-specific instructions designed to guide code generation and maintenance. There are no attempts to bypass safety filters or override system constraints.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive local files, hardcode credentials, or perform unauthorized network operations. The use of Apidog MCP is referenced for fetching API specifications in a standard development context.
- [External Downloads & RCE] (SAFE): No commands for downloading and executing remote scripts (e.g., curl | bash) or installing untrusted packages were found. The listed tech stack (React, Vite, TanStack) represents standard industry dependencies.
- [Indirect Prompt Injection] (LOW): The skill defines an ingestion point where the agent fetches API specs from Apidog MCP to regenerate TypeScript types. While this is a surface for external data, the capability is limited to static type generation within a specific directory (/src/api), posing minimal risk to the agent's integrity or the host system.
- [Persistence & Privilege Escalation] (SAFE): No actions were detected that attempt to gain elevated privileges or establish persistence on the system.
Audit Metadata