api-security-spectral

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of @stoplight/spectral-cli via npm. While this is a reputable tool for API linting, it constitutes an external dependency that is not on the pre-approved trusted source list.
  • [COMMAND_EXECUTION] (LOW): The skill executes spectral lint commands against local files (<spec-file>). This is the intended purpose of the skill and does not involve elevated privileges or dangerous flags.
  • [DATA_EXFILTRATION] (SAFE): Analysis of the shell commands and rulesets shows no attempts to transmit data to external servers or access sensitive directories like SSH keys or environment secrets.
  • [PROMPT_INJECTION] (SAFE): The instructions are strictly focused on API design linting and do not contain patterns intended to bypass agent safety filters or override system instructions.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 09:35 AM