api-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Category 8: Indirect Prompt Injection (LOW): The skill is designed to ingest and process data from external APIs, which creates a surface for indirect prompt injection. However, the skill provides extensive documentation on boundary markers and sanitization, specifically recommending the use of Zod for schema validation and strict type transformations at the integration boundary (e.g., in `client-request-response-caching.md`).
  - Ingestion points: `ApiClient.request` and `UserService` methods in `client-base-service-layer.md` and `client-request-response-caching.md`.
  - Boundary markers: Explicitly recommends Zod schemas for parsing and validating untrusted data.
  - Capability inventory: Network operations via `fetch` for API communication.
  - Sanitization: Usage of `zod` for input validation and manual transformer functions to convert API shapes to internal domain models.
- Category 2: Data Exposure & Exfiltration (SAFE): The skill demonstrates safe handling of credentials. It recommends loading keys from environment variables (`process.env.API_KEY`) and provides a `redactHeaders` helper in `client-request-response-caching.md` to prevent logging sensitive information like authorization tokens or API keys.
- Category 4: Unverifiable Dependencies (SAFE): The skill references well-known, industry-standard tools and libraries for API development, such as `zod`, `msw`, `nock`, `openapi-generator`, and `orval`. No suspicious remote script executions or untrusted package sources were identified.
Audit Metadata