api-security-schemathesis
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill serves as a legitimate wrapper for Schemathesis, a well-known security testing tool. No malicious code, obfuscation, or persistence mechanisms were detected.
- [COMMAND_EXECUTION] (SAFE): The skill utilizes command-line execution for its primary purpose. It correctly uses placeholders for user-supplied variables like URLs and tokens, avoiding hardcoded sensitive data.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill mentions 'pip install schemathesis', which is the standard installation method for a reputable and verified Python package.
- [Indirect Prompt Injection] (LOW): As the tool ingests external API schemas (OpenAPI/GraphQL), there is a theoretical surface for indirect injection if a schema is malicious. However, this is intrinsic to the tool's function, and the output is expected to be parsed as structured data.
Audit Metadata