openapi-design
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill workflow encourages fetching design patterns from external sources via Perplexity and context7 tools. This creates an attack surface where adversarial content could influence the agent's file modification tasks. Evidence:
  - Ingestion points: mcp__perplexity__search and mcp__context7__query-docs in SKILL.md
  - Boundary markers: None present in the skill instructions to delimit external content
  - Capability inventory: 'Write' and 'Edit' tools are allowed in the frontmatter, enabling file modification
  - Sanitization: No sanitization or validation of external content is specified before interpolation into agent actions
Recommendations
- AI detected serious security threats
Audit Metadata