api-testing-patterns
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists primarily of documentation, code templates, and configuration for quality engineering workflows. All identified tools and external references are standard for the quality assurance industry.
- [SAFE]: No obfuscation, data exfiltration, or persistence mechanisms were detected in the skill body or associated configuration files.
- [PROMPT_INJECTION]: The skill exhibits a typical attack surface for indirect prompt injection because it is designed to process external, untrusted artifacts like OpenAPI specifications and GraphQL schemas. However, this risk is inherent to the functional purpose of an API testing tool and no exploitable vulnerability was found.
- Ingestion points: External API specifications (e.g.,
openapi.yaml) and GraphQL schemas used as input for test generation and contract validation. - Boundary markers: The current instructional set lacks explicit delimiters or warnings to the agent to ignore instructions embedded within the metadata of processed specifications.
- Capability inventory: Coordinated agents possess network interaction capabilities for API validation and file system access for generating test suites.
- Sanitization: No sanitization logic for input specifications is explicitly defined in the provided skill code.
Audit Metadata