designing-apis
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override agent behavior or bypass safety filters. The content is strictly informational guidelines for API design.
- Data Exposure & Exfiltration (SAFE): No sensitive file paths, hardcoded credentials, or network operations are present. The allowed tools (Read, Write, Glob, Grep) are standard for file-based tasks.
- Obfuscation (SAFE): No evidence of encoded strings, hidden characters, or homoglyphs was detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not reference or install external packages. There are no remote script downloads or execution patterns.
- Privilege Escalation & Persistence (SAFE): No commands related to elevated permissions or system persistence were found.
- Indirect Prompt Injection (SAFE): While the skill is designed to help an agent process or create API documentation, it does not include logic that would make it vulnerable to external data injection beyond standard LLM risks. No unsafe interpolation of untrusted data is defined in the workflow.