openapi-to-typescript
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection Risk. The skill processes external OpenAPI specifications and uses the content to generate code that is written to the local filesystem. This creates a high-tier indirect prompt injection surface where a malicious specification could include instructions within descriptions or names to manipulate the output or the agent's behavior.
- Ingestion points: SKILL.md Workflow Step 2 (reads user-provided or local JSON/YAML files).
- Boundary markers: Absent; there are no instructions to use delimiters or ignore nested prompts within the OpenAPI descriptions or titles.
- Capability inventory: SKILL.md Workflow Step 7 (writes .ts files to the local filesystem).
- Sanitization: Absent; schema descriptions and names are interpolated into the output code without sanitization against potential prompt injection sequences.
Recommendations
- AI detected serious security threats
Audit Metadata