api-design
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were detected.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network operations were identified. The code snippets provided are generic templates.
- Obfuscation (SAFE): No signs of encoding (Base64), zero-width characters, or homoglyph-based obfuscation were found in the documentation or code blocks.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not include any external dependencies or remote script execution (e.g., curl | bash). It provides static code examples for the user to implement manually.
- Privilege Escalation (SAFE): No commands related to privilege escalation (sudo, chmod) or administrative access were detected.
- Persistence Mechanisms (SAFE): No attempts to create scheduled tasks, modify startup scripts, or establish persistence were found.
- Metadata Poisoning (SAFE): The manifest and file metadata accurately describe the skill's purpose without deceptive instructions.
- Indirect Prompt Injection (SAFE): While the skill provides templates for processing API requests, it does not ingest or process untrusted external data itself, and therefore lacks a primary attack surface for this category.
- Time-Delayed / Conditional Attacks (SAFE): No logic gating malicious behavior based on dates, times, or environmental triggers was found.
- Dynamic Execution (SAFE): The skill does not use dynamic code execution (eval/exec) or runtime compilation. All code is provided as static examples.