improve-sdk-naming
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the `speakeasy` CLI tool to analyze specifications and generate overlay files. The commands are standard for the tool's intended use case and do not involve suspicious execution patterns.
- [PROMPT_INJECTION] (LOW): (Category 8 - Indirect) The skill processes untrusted OpenAPI specification files. Maliciously crafted data within these files (such as operation IDs or descriptions) could theoretically influence the AI suggestions provided by the Speakeasy backend.
  - Ingestion points: OpenAPI spec file paths provided via the `-s` flag.
  - Boundary markers: None (the CLI tool processes the entire file as data).
  - Capability inventory: The skill can read local files and write results to a local YAML overlay file.
  - Sanitization: The skill relies on the Speakeasy platform's internal logic to sanitize or validate the specification data before generating suggestions.
- [CREDENTIALS_UNSAFE] (SAFE): The skill correctly recommends using environment variables for API keys and provides placeholders rather than hardcoding sensitive information.
Audit Metadata