swagger-gen
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to run 'npx ai-swagger', which fetches and executes a package from the npm registry at runtime without pre-installation or explicit version pinning.
- [COMMAND_EXECUTION]: The core functionality of the skill is delivered via shell command execution ('npx'), which processes local directories and files.
- [DATA_EXFILTRATION]: The skill reads local Express route files and requires an 'OPENAI_API_KEY' environment variable. This setup indicates that the tool extracts source code and sends it to OpenAI's servers to generate the OpenAPI specification.
Audit Metadata