api-design-framework

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Threat tags: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Data Exposure] (HIGH): The script scripts/create-openapi-spec.md reads from .env files. Accessing environment files is a high-risk action as they frequently contain secrets, credentials, and sensitive configuration.
  • [Command Execution] (HIGH): The skill utilizes shell execution markers (!) to run local system commands like grep, wc, and cut for reconnaissance. This allows the skill to traverse the file system and inspect the user's code and environment.
  • [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data from local source files via grep and interpolates it directly into the prompt. Without sanitization or boundary markers, malicious instructions embedded in code comments could be executed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:30 AM