swagger-api-reader

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM | CREDENTIALS_UNSAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The tool accepts passwords, API keys, and bearer tokens as command-line arguments (e.g., --password, --token). This is an insecure practice as it leaves sensitive credentials visible in shell history files and system process lists.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from user-specified remote URLs. It provides a --no-verify option which, if used, disables SSL certificate validation, exposing the data transmission to potential interception or tampering.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted descriptive fields within Swagger/OpenAPI documents.
      • Ingestion points: scripts/swagger_reader.py retrieves content from external URLs.
      • Boundary markers: The generated Markdown lacks delimiters or protective instructions to prevent the agent from misinterpreting documentation as commands.
      • Capability inventory: The script can perform network requests and local file writes.
      • Sanitization: No sanitization is performed on text fields (summary, description) from the external Swagger definitions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 03:57 PM