Skills
skills/testany-io/testany-agent-skills/api-reviewer/Gen Agent Trust Hub

api-reviewer

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Employs the Glob tool to search for PRDs and existing contracts within the filesystem (Phase 0.2). Additionally, it suggests execution of local linting and automated checks (Phase 0.4).
  • [PROMPT_INJECTION]: Establishes an indirect prompt injection surface by ingesting and analyzing untrusted external content from API contracts and PRD documents.
  • Ingestion points: Content extracted from PRDs, boundary confirmations, and API specifications (Phase 0 and 1).
  • Boundary markers: None identified. The skill lacks instructions to isolate document content from the agent's logic.
  • Capability inventory: File system traversal (Glob), document reading, and interactive questioning.
  • Sanitization: No input validation or filtering of document text is specified before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 08:02 PM