improve-operation-ids
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill references the SPEAKEASY_API_KEY environment variable but uses a safe placeholder () for documentation purposes. No hardcoded secrets were detected. No external network operations to non-whitelisted domains are initiated.
- [Indirect Prompt Injection] (SAFE): The skill facilitates the processing of external OpenAPI specifications (openapi.yaml). While this is a surface for untrusted data ingestion, the skill's operations are limited to standard CLI tool usage and do not involve high-risk dynamic execution or prompting based on the data content.
- Ingestion points: openapi.yaml (via -s flag)
- Boundary markers: Absent
- Capability inventory: speakeasy suggest and speakeasy run CLI commands
- Sanitization: None specified; relies on CLI tool parsing
- [Command Execution] (SAFE): Use of speakeasy CLI commands is consistent with the stated purpose of the skill and does not include arbitrary shell execution, piped remote scripts, or suspicious redirection.
Audit Metadata