api-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The script `scripts/api_validator.py` performs static analysis of local project files using Python's standard library (`pathlib`, `re`, `json`). It does not invoke system shells or execute the code it analyzes.
- DATA_EXFILTRATION (SAFE): There are no network modules or commands (e.g., `requests`, `curl`, `socket`) present in the skill's code or documentation.
- INDIRECT_PROMPT_INJECTION (LOW): The validator script is an ingestion surface as it reads and analyzes user-provided project files.
  - Ingestion points: `scripts/api_validator.py` reads files via `Path.read_text` at lines 43 and 85.
  - Boundary markers: None; the script's output does not use delimiters to separate ingested file data (such as API paths or JSON keys) from the agent's instructions.
  - Capability inventory: The script is limited to local file system read operations for specific file extensions. It has no capabilities for file writing, network access, or process execution.
  - Sanitization: None; the script may include keys or values from analyzed JSON files directly in its printed output, but the risk is negligible given the restricted scope of the tool.
Audit Metadata