Skills
skills/yonatangross/skillforge-claude-plugin/api-design/Gen Agent Trust Hub

api-design

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The file scripts/create-openapi-spec.md utilizes dynamic context injection syntax (!command) to execute shell commands automatically when the skill is loaded or processed.
  • [COMMAND_EXECUTION]: Specifically, the script executes grep commands against local files including .env*, package.json, pyproject.toml, and source code files (.py, .ts).
  • [COMMAND_EXECUTION]: One specific command (grep -r "API_URL\|BASE_URL\|VITE_API" .env*) targets environment files. Although it filters for specific configuration keys, the automated reading of .env files is a high-risk pattern as they typically contain sensitive credentials.
  • [COMMAND_EXECUTION]: The skill also uses wc, date, and grep -oE within the dynamic context placeholders to populate template metadata without user intervention.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 8, 2026, 11:43 PM