api-development-expert
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill contains misleading metadata and deceptive claims within its instructions. Specifically, it claims to be 'verified' in its frontmatter and references future-dated specification releases (e.g., OpenAPI 3.2 in September 2025) and best practices from 2026. This misleading information may cause users or agents to misjudge the skill's origin or safety status.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to analyze and process code provided by users without implementing boundary markers or instructions to ignore embedded prompts. The 'Bash', 'Write', and 'Edit' capabilities listed in the frontmatter increase the risk if the agent were to follow instructions hidden within target code.
  - Ingestion points: Code provided for review or refactoring (SKILL.md examples).
  - Boundary markers: None identified in the instructions.
  - Capability inventory: Bash, Write, Edit, Grep, Glob (SKILL.md).
  - Sanitization: No input validation logic is present in the hooks or main script.
- [COMMAND_EXECUTION]: The 'Memory Protocol' section of the skill instructs the agent to execute shell commands through the Bash tool to read local files.
  - Evidence: 'cat .claude/context/memory/learnings.md' (SKILL.md).
Audit Metadata