api-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The script scripts/api_validator.py is used for static code analysis. It searches for and reads local project files to identify patterns related to API implementation (e.g., status codes, error handling, validation). It does not use eval, exec, or subprocess to execute code from the project it analyzes.
- DATA_EXFILTRATION (SAFE): There are no network-capable commands (like curl, wget, or Python requests) used in the skill. All operations are confined to the local file system.
- EXTERNAL_DOWNLOADS (SAFE): The skill does not define any external dependencies in package.json or requirements.txt, and it does not attempt to download files from remote sources.
- PROMPT_INJECTION (SAFE): The instructional content is professional and focused on API architecture. It contains no bypass markers, role-play injections, or instructions designed to override the agent's safety protocols.
- INDIRECT_PROMPT_INJECTION (LOW): The skill reads external data (project code and OpenAPI specs). While this is an ingestion point for untrusted data, the api_validator.py script only outputs its own analysis (e.g., "[OK] Input validation present") rather than raw file content, significantly reducing the risk of the agent being manipulated by instructions hidden within the analyzed code.
Audit Metadata