start-new-sdk-project
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill instructs the agent to use the
speakeasyCLI for SDK generation. The command parameters are limited to the tool's intended functionality. - [CREDENTIALS_UNSAFE] (SAFE): The documentation correctly advises using environment variables (
SPEAKEASY_API_KEY) or interactive login rather than hardcoding API keys. - [PROMPT_INJECTION] (SAFE): No malicious instructions or attempts to bypass agent safety filters were detected in the skill content.
- [DATA_EXFILTRATION] (SAFE): While the skill can fetch schemas from remote URLs, this is a standard feature of the tool, and no unauthorized data transmission patterns were found.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests external data (OpenAPI specs). While this is an inherent attack surface for SDK generation tools, the skill provides clear boundaries for its operation.
Audit Metadata