http-generate
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill is designed to execute a local Python script, http_generator.py. Because the content of this script is not provided in the skill documentation, its operations on the filesystem or system cannot be verified for safety.
- PROMPT_INJECTION (HIGH): Category 8: Indirect Prompt Injection. The skill parses external, untrusted Java source code (*Controller.java) to generate HTTP documentation. Maliciously crafted content within these files (e.g., in comments or string literals) could manipulate the output or the agent's behavior. Ingestion points: reads Java source files via filesystem scanning. Boundary markers: none described to separate untrusted code from instructions. Capability inventory: script execution and filesystem write operations. Sanitization: no evidence of sanitization or escaping for the parsed content.
- DATA_EXPOSURE (MEDIUM): The skill performs broad automated scans of the project directory to identify and read source code files, which exposes the application's internal structure and logic to the agent's context.
Recommendations
- AI detected serious security threats
Audit Metadata