api-testing-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and analyze untrusted external data such as OpenAPI/GraphQL specifications and source code.
- Ingestion points: Specification files (e.g., openapi.yaml) and code blocks provided in prompts or evaluation fixtures.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' commands when processing external content.
- Capability inventory: The skill manages task execution across multiple agents and provides patterns for network-based API testing and database queries.
- Sanitization: There is no evidence of validation or sanitization of the content within the ingested specifications.
Audit Metadata