a6-plugin-consumer-restriction
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides templates that interpolate external identifiers into Apache APISIX configuration commands, which could be exploited via indirect prompt injection if the inputs originate from untrusted sources.
  - Ingestion points: Configuration data passed to the a6 CLI via standard input (SKILL.md).
  - Boundary markers: None provided in the command templates.
  - Capability inventory: Modification of routing and consumer access control policies via a6 route/consumer commands.
  - Sanitization: Absent from the provided examples.
- [COMMAND_EXECUTION]: The skill utilizes shell heredocs to dynamically generate JSON configuration payloads which are then executed by the a6 CLI tool.
  - Evidence: Multiple step-by-step examples in SKILL.md demonstrate the use of heredocs (e.g., 'a6 route create -f - <<EOF') to apply configurations.
Audit Metadata