api-review
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it reads and processes untrusted data from API specification files and source code. \n
- Ingestion points: API definition files (such as openapi.yaml or swagger.json) and source code (via src/api/**/*.ts) accessed using Read, Glob, and Grep tools. \n
- Boundary markers: No specific delimiters or instructions to ignore embedded prompts are provided in the skill instructions. \n
- Capability inventory: The skill uses Read, Glob, Grep, and Task tools to perform its logic. \n
- Sanitization: No explicit content sanitization or structural validation is performed on the ingested file data before processing.\n- [NO_CODE]: The skill is implemented entirely through markdown instructions and does not include any accompanying scripts or executable files.
Audit Metadata