start-new-sdk-project
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to indirect prompt injection through its processing of external OpenAPI specifications.
  - Ingestion points: The `--schema` (`-s`) flag accepts untrusted input from arbitrary URLs and local file paths.
  - Boundary markers: None present to distinguish between trusted instructions and untrusted data within the processed schema.
  - Capability inventory: The `speakeasy quickstart` command performs filesystem write operations (creating `.speakeasy/workflow.yaml` and the SDK output directory) and generates executable code.
  - Sanitization: No sanitization or validation of the schema content is performed by the skill before it is passed to the generation tool.
- [Command Execution] (MEDIUM): The skill executes the `speakeasy` CLI with multiple parameters derived from user input. While necessary for its function, this provides a surface for argument manipulation if the agent does not strictly validate the inputs.
- [Credentials Unsafe] (INFO): Documentation references the use of `SPEAKEASY_API_KEY`. While no secrets are hardcoded, the skill relies on the presence of sensitive credentials in the environment.
Recommendations
- AI detected serious security threats
Audit Metadata