postman
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill setup documentation suggests persisting the Postman API key in shell configuration files like ~/.zshrc or ~/.bashrc, which exposes the credential to any process that can read these files.
- [COMMAND_EXECUTION]: The agent is granted access to high-capability tools including Bash, which is used for setup tasks that establish persistence for environment variables.
- [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection from processing external data.
- Ingestion points: Local OpenAPI files (openapi.json, swagger.yaml) and remote Postman API data are ingested during sync and generation workflows.
- Boundary markers: No boundary markers or 'ignore embedded instruction' warnings are present to isolate external content.
- Capability inventory: The skill allows file system writing (Write) and comprehensive API interaction (mcp__postman__*), which could be misused if malicious instructions are processed.
- Sanitization: There is no evidence of sanitization or filtering applied to external content before it is interpolated into prompts for code generation or documentation.
Audit Metadata