devtu-auto-discover-apis
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill's primary workflow involves searching the web and scraping API documentation to populate tool templates, creating a significant surface for indirect prompt injection attacks where malicious external content could influence generated code.
  - Ingestion points: Web search results and scraped API documentation processed in `python_implementation.py`.
  - Boundary markers: No explicit sanitization or delimiters were detected in the code generation logic to isolate untrusted external content.
  - Capability inventory: The skill generates files that perform network operations (`requests`) and access environment variables; it also manages Git workflows using the GitHub CLI (gh).
  - Sanitization: No sanitization or escaping of external strings was detected in the generation logic.
- [DYNAMIC_EXECUTION]: The skill dynamically assembles Python tool classes and JSON configurations at runtime through string concatenation with untrusted data. This allows for potential code injection if the discovered API metadata (such as paths or names) is maliciously crafted to break out of string literals in the templates.
- [COMMAND_EXECUTION]: The skill provides instructions for manual command execution (e.g., `chmod +x`) and utilizes the GitHub CLI (gh) for automated integration tasks like creating pull requests.
- [EXTERNAL_DOWNLOADS]: The implementation relies on the `requests` library to fetch data from external API endpoints discovered during the discovery phase and for performing validation tests.
Audit Metadata