skills/wojons/skills/testing-api/Gen Agent Trust Hub

testing-api

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill demonstrates the use of various command-line tools to interact with APIs and run test suites. This includes using curl and http for requests, and executing test frameworks like pytest, go test, and npm run as shown in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to download and run established tools from the npm registry, such as newman for Postman collections, ajv for JSON schema validation, and autocannon for load testing.
  • [PROMPT_INJECTION]: This finding identifies an indirect prompt injection surface when processing external API responses.
      • Ingestion points: Data enters the agent context from external API endpoints accessed via tools like curl and http in SKILL.md.
      • Boundary markers: No specific delimiters or instructions are provided to separate API response data from the agent's instructions.
      • Capability inventory: The skill includes network access and the ability to execute code via test runners (pytest, go test) and package executors (npx).
      • Sanitization: The skill does not define methods for sanitizing or validating API response content before the agent processes it.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 10:29 AM