agent-docs-api-openapi
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (SAFE): The instructions are focused on the intended task and do not contain attempts to override safety guidelines or extract system prompts.
- [Data Exposure & Exfiltration] (SAFE): The skill does not perform network operations and explicitly forbids access to sensitive directories like 'secrets/' and '.git/' via constraints.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external packages are installed, and there are no patterns of downloading or executing remote code. The shell commands in hooks are limited to local file discovery.
- [Privilege Escalation] (SAFE): No usage of sudo or attempts to modify system-level configurations detected.
- [Indirect Prompt Injection] (LOW): The skill has a data ingestion surface as it reads and processes project files (e.g., routes and controllers) to generate documentation. While it processes untrusted local data, the risk is mitigated by strict path constraints and restricted tool access.
  - Ingestion points: Project files within allowed paths such as api/** and docs/** (referenced in SKILL.md).
  - Boundary markers: Absent; the agent is not explicitly instructed to ignore instructions found within documentation source files.
  - Capability inventory: File Read, Write, Edit, Grep, and Glob (defined in capabilities).
  - Sanitization: No explicit sanitization or validation of input file content is defined in the instructions.
Audit Metadata