api-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill defines a command to run a local script:
python scripts/api_validator.py <project_path>. This involves running Python code against user-provided file paths. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill's primary function (validating project APIs) requires reading untrusted data from an external project path. This creates a surface for indirect prompt injection. Mandatory Evidence Chain: 1. Ingestion points: Files within the user-provided
<project_path>are read and processed. 2. Boundary markers: Absent; the skill does not specify delimiters or instructions to ignore embedded prompts in the analyzed project. 3. Capability inventory: The skill hasRead,Write,Edit,Glob, andGreppermissions, and executes a Python subprocess. 4. Sanitization: No evidence of input sanitization or validation of the content read from the project path is present in the skill metadata.
Audit Metadata