extract-openapi-from-code
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill references standard development libraries (e.g., drf-spectacular, flask-openapi3, @nestjs/swagger) available through official package registries. No malicious or unverifiable third-party dependencies were identified.
- COMMAND_EXECUTION (SAFE): Documentation includes standard shell commands for package installation and local tool execution (e.g., pip install, python manage.py, curl). These commands are restricted to local environment setup and do not involve piped remote execution.
- DATA_EXFILTRATION (SAFE): Network patterns are restricted to fetching schemas from localhost and defining placeholder production/staging server URLs. No indicators of sensitive data exfiltration or unauthorized external network access were found.
- CREDENTIALS_UNSAFE (SAFE): Security scheme examples (Bearer JWT, API Key) use descriptive names and placeholders (e.g., 'X-API-Key') rather than hardcoded secrets.
- PROMPT_INJECTION (SAFE): The content is purely technical documentation and does not contain instructions designed to override agent behavior or safety filters.
Audit Metadata