openapi-to-typescript

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill reads and processes external OpenAPI specifications which could contain malicious instructions designed to influence the agent's behavior during code generation.
    • Ingestion points: User-provided OpenAPI JSON or YAML files (SKILL.md workflow step 2).
    • Boundary markers: Absent; there are no instructions to the agent to delimit or ignore instructions within the input data.
    • Capability inventory: The skill utilizes file system read and write capabilities to process specs and save output.
    • Sanitization: Absent; there is no validation or escaping of string content from the OpenAPI document before it is interpolated into the generated TypeScript code.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:36 PM