backend-api-documenter
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): Vulnerability to Indirect Prompt Injection through untrusted source code and configuration files.
- Ingestion points: The agent is instructed to read content from
backend/app/api/v1/*.py,backend/app/schemas/*.py, andbackend/CLAUDE.md(viaSKILL.md). - Boundary markers: Absent. There are no instructions for the agent to use delimiters or an 'ignore embedded instructions' warning when processing these files.
- Capability inventory: The skill possesses file system read access, file write access (to
backend/AGENTS.md), and the ability to execute local scripts. - Sanitization: Absent. The agent extracts 'business rules from docstrings and code logic' directly from content that could contain adversarial instructions injected by a malicious contributor.
- COMMAND_EXECUTION (LOW): The skill executes a local helper script
scripts/scan_api_routes.py. Analysis of the script shows it uses standard Python libraries (re, pathlib) for regex-based extraction and does not perform dangerous network or filesystem operations.
Recommendations
- AI detected serious security threats
Audit Metadata