manage-openapi-overlays
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No security issues or malicious patterns were detected across the analyzed files.
- [COMMAND_EXECUTION] (SAFE): The skill references standard CLI tools including speakeasy, yq, and jq. These are used appropriately for linting, validation, and parsing of OpenAPI specifications, which is consistent with the skill's primary purpose.
- [CREDENTIALS_UNSAFE] (SAFE): While the documentation mentions API keys and secrets, it does so in the context of configuration templates and best practices. It explicitly warns against insecure practices like using query parameters for authentication and correctly recommends using environment variables for SDK instantiation.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill instructs the agent on how to process external OpenAPI specifications (untrusted data). It provides safety-conscious advice, such as using yq or jq to extract specific sections instead of loading potentially massive and untrusted specs directly into the agent's context window.
Audit Metadata