api-documenter

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data from API specifications and code comments to perform sensitive tasks like SDK generation and CI/CD integration.
      * Ingestion points: OpenAPI/AsyncAPI specs, GraphQL schemas, and code annotations referenced in SKILL.md.
      * Boundary markers: None present; the agent treats input content as trusted data for generation without explicit delimiters.
      * Capability inventory: Includes multi-language SDK generation, automated release management, and CI/CD pipeline integration.
      * Sanitization: No evidence of input sanitization or validation of embedded instructions within the processed data.
  • [Dynamic Execution] (MEDIUM): Generates executable code snippets and full SDKs across multiple languages at runtime based on external inputs, which can be exploited to inject malicious logic into the codebase.
  • [Remote Code Execution] (LOW): Mentions integration with external AI-powered documentation tools and platforms; while common, the lack of verification mechanisms for these remote services introduces a supply-chain risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:04 AM