api-recon-and-docs
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions and metadata align with its stated purpose of API reconnaissance. No malicious patterns or deceptive instructions were identified.
- [COMMAND_EXECUTION]: The skill includes a shell command for mining endpoints from JavaScript files on a target server. This command is a legitimate reconnaissance tool and does not attempt to execute code on the host environment.
- [PROMPT_INJECTION]: By directing the agent to parse external content such as target application code and documentation, the skill introduces an interface for indirect prompt injection. This is a known surface in security reconnaissance tasks and is considered an acceptable risk within this professional context.
Audit Metadata