skills/sunic4/skills/apifox/Gen Agent Trust Hub

apifox

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and runs the @sunic/skills-apifox-cli package from the npm registry via npx. This package is a vendor-owned resource belonging to the author.
  • [COMMAND_EXECUTION]: Executes shell commands to synchronize and search Apifox documentation.
  • [REMOTE_CODE_EXECUTION]: Dynamically executes code from the npm registry using the npx utility to perform API searches and synchronization.
  • [PROMPT_INJECTION]:
      • Ingestion points: User-provided search keywords are interpolated into the <关键字> parameter in the search command within SKILL.md.
      • Boundary markers: No delimiters or specific instructions are used to isolate the user-provided keyword from the shell command.
      • Capability inventory: Shell command execution via npx with terminal output capabilities.
      • Sanitization: No sanitization, validation, or escaping of search keywords is defined, posing a risk of command injection if malicious strings are provided by the user.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 04:14 PM