api-security
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes system commands such as
curlandjqto perform API security audits. These commands are used to send requests to endpoints and parse JSON responses, which is the primary purpose of the skill. - [EXTERNAL_DOWNLOADS]: The skill initiates network requests using
curlto interact with API endpoints. While it targetsapi.example.comby default as a placeholder, it is designed to communicate with external servers to test for vulnerabilities like rate limiting and CORS misconfigurations. - [PROMPT_INJECTION]: No evidence of prompt injection or attempts to override AI safety guidelines was found. The instructions are clearly focused on security auditing procedures.
- [CREDENTIALS_UNSAFE]: The skill includes a hardcoded JWT string (
eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0...); however, this is a well-known test vector for the 'alg:none' vulnerability and does not represent a leak of actual sensitive credentials.
Audit Metadata