api-documentation
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes multiple shell commands (git, find, grep, sed, yq) to analyze the project directory. These utilities process raw file content, which could be manipulated to bypass logic or interfere with the agent's execution flow.
- EXTERNAL_DOWNLOADS (LOW): The skill invokes npx @apidevtools/swagger-cli to perform schema validation. Per [TRUST-SCOPE-RULE], while npm is a trusted registry, the runtime download of external packages remains a point of observation.
- REMOTE_CODE_EXECUTION (MEDIUM): Usage of npx downloads and executes external code on the host machine. This poses a risk if the package registry or the package itself is compromised.
- PROMPT_INJECTION (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  1. Ingestion point: Step 3 scripts read untrusted source files (.ts, .py, .go) and documentation (.yaml, .json).
  2. Boundary markers: None present.
  3. Capability inventory: Commands like find/grep and triggering the documentation-audit skill.
  4. Sanitization: Absent.
  Maliciously crafted content in API endpoints or code comments could influence the agent's state when it processes the drift report.
Audit Metadata