The Agent Skills Directory

[Prompt Injection] (SAFE): The document contains only instructional content and reference material for API testing. No attempts to override agent behavior or bypass safety filters were found.
[Credentials Unsafe] (SAFE): The examples correctly demonstrate the use of environment variable placeholders (e.g., $env.API_TOKEN, $env.API_KEY) for sensitive data. A single bash example uses a placeholder value secret123 for illustrative purposes, which does not constitute a secret leak.
[Data Exposure & Exfiltration] (SAFE): No commands for accessing sensitive system files or exfiltrating data to external domains were detected. The network operations described are limited to API testing against defined endpoints.
[Remote Code Execution] (SAFE): The file references the legitimate speakeasy CLI tool for executing tests. It does not contain any suspicious download-and-pipe-to-shell patterns or unauthorized execution of remote scripts.
[Indirect Prompt Injection] (LOW): While the specification involves processing external data (OpenAPI files), this file is merely a reference. The risk is associated with the runtime environment of the test runner processing untrusted specs, not the documentation itself.
[Obfuscation] (SAFE): No evidence of Base64 encoding, zero-width characters, or other obfuscation techniques intended to hide malicious intent.

setup-sdk-testing