Skills
skills/xfstudio/skills/api-patterns/Gen Agent Trust Hub

api-patterns

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): High susceptibility to indirect prompt injection based on the skill's capabilities and ingestion points.
  • Ingestion points: The skill is designed to process untrusted project files, documentation, and source code via its allowed tools (Read, Glob, Grep) and the validation script.
  • Boundary markers: Absent; the skill lacks instructions to delimit external content or to explicitly ignore instructions embedded within the processed project files.
  • Capability inventory: The agent is granted Write and Edit permissions alongside the ability to execute a Python script (scripts/api_validator.py), creating a high-impact exploitation path if the agent is subverted.
  • Sanitization: Absent; no input validation or sanitization routines are defined for the content ingested from the project directory.
  • COMMAND_EXECUTION (MEDIUM): The skill defines a tool that executes a local script python scripts/api_validator.py with a user-provided project path, which allows for subprocess execution on the filesystem.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:00 AM