generate-mock-service
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The `scripts/mock_generator.py` script parses user-provided OpenAPI specifications. Maliciously crafted specifications could contain instructions in metadata fields (e.g., summaries or paths) that might influence the agent's logic during the code generation process. Ingestion point: `parse_openapi_spec`. Capabilities: Generation of executable code and Dockerfiles. Sanitization: None.
- [Command Execution] (LOW): The skill generates templates with placeholders for commands (e.g., `{{INSTALL_COMMAND}}`) and executable Python/Node.js scripts. This represents a command execution sink if the generation process is manipulated.
- [Insecure Default Configuration] (INFO): The Flask mock template defaults to `debug=True`, which is a security risk in production environments as it can expose an interactive debugger allowing for potential RCE.
Audit Metadata