api-documentation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses Bash to execute local commands such as
git,find,grep, andyqfor file discovery and content analysis. These are standard operations for a documentation synchronization utility and do not exhibit malicious patterns. - [EXTERNAL_DOWNLOADS] (LOW): The skill runs
npx @apidevtools/swagger-clito validate documentation. This command downloads and executes a package from the npm registry. While @apidevtools/swagger-cli is a reputable tool, this mechanism introduces a dependency on an external repository. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it parses data from source code and documentation files without sanitization to perform its checks.
- Ingestion points: Files matching patterns like
**/routes/**/*.ts,**/api/**/*.py, andopenapi.yaml. - Boundary markers: Absent; the skill reads raw file content using grep/sed.
- Capability inventory:
Bash,Edit,Write, andmcp__github__*. - Sanitization: Absent; the comparison logic (
comm) and reporting rely on raw strings extracted from the filesystem.
Audit Metadata