openapi-endpoints
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute the local script
scripts/generate-openapi.tsusingnpx tsx. This executes code within the local project environment to regenerate API documentation.\n- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface defined by the following characteristics:\n - Ingestion points: The agent is instructed to read and process existing supplement files (e.g., in
src/lib/openapi/endpoints/) which contain metadata fields such asdescriptionthat support markdown and could host hidden malicious instructions.\n - Boundary markers: The agent prompt templates do not specify any delimiters or warnings to ignore instructions embedded within the data it reads.\n
- Capability inventory: The agent has the ability to write to the local filesystem and execute commands, providing a path for an injection to cause unauthorized changes or actions.\n
- Sanitization: The instructions do not include any steps for sanitizing or validating the input from these files before processing them.
Audit Metadata