eg-api-gateway
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses natural instructional language and does not contain any patterns typical of prompt injection attacks, such as safety filter bypasses or system prompt extraction attempts.
- [DATA_EXFILTRATION]: No evidence of hardcoded credentials, sensitive file access, or network calls to unauthorized domains was found. The network operations in the validation section are standard for testing local infrastructure.
- [REMOTE_CODE_EXECUTION]: The skill generates static Kubernetes configuration manifests rather than executing arbitrary code. It does not download and execute scripts from the internet.
- [INDIRECT_PROMPT_INJECTION]: While the skill ingests user-provided data (e.g., API hostnames, JWKS URLs) to populate configuration templates, it is a standard configuration generation task. The instructions emphasize using placeholders and TODO comments for sensitive values.
- [SAFE]: The workflow correctly prioritizes a security-first approach, layering TLS, authentication, and traffic management in the appropriate order.