manage-openapi-overlays
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were detected.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded credentials found. The skill correctly uses environment variables and placeholders (e.g., `API_KEY`, `MYAPI_ACCESS_KEY`) for authentication and explicitly warns against insecure practices like query-parameter authentication.
- [COMMAND_EXECUTION] (SAFE): Commands mentioned (`speakeasy`, `yq`, `jq`) are standard developer tools for OpenAPI validation and JSON/YAML processing. No high-risk command execution or privilege escalation was found.
- [DATA_EXFILTRATION] (SAFE): No patterns for unauthorized data access or external transmission of sensitive information were identified.
- [REMOTE_CODE_EXECUTION] (SAFE): No remote script execution or dynamic code generation from untrusted sources was detected.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill ingests external specification files (`spec.yaml`, `spec.json`) in `content/validation.md`, it does so using structured querying tools (`yq`, `jq`) and a specialized validator (`speakeasy`). There is no evidence of unsafe prompt interpolation or execution paths for untrusted data.
Audit Metadata