api-workshop
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The workflow in
SKILL.md(Phase 1) explicitly fetches content from user-provided URLs to review existing API specifications. This is an intended feature but creates an entry point for untrusted data.\n- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to the ingestion and subsequent multi-agent processing of external data.\n - Ingestion points: Phase 1, Step 2 of
SKILL.mdfetches an existing API spec from a user-provided URL.\n - Boundary markers: Absent. There are no instructions to use delimiters or to disregard instructions embedded within the fetched specification.\n
- Capability inventory: The skill is designed for architectural reasoning and documentation. It generates and saves files to the
workspace/directory. No high-privilege capabilities such as arbitrary command execution or system-level configuration changes were identified.\n - Sanitization: Absent. The skill summarizes external specifications and passes the context to sub-agents without filtering or strict schema validation.
Audit Metadata