Skills
skills/ypyt1/all-skills/api-tester/Gen Agent Trust Hub

api-tester

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The agent is explicitly configured to use the Bash tool and is provided with example commands for load testing (ab, k6) and querying endpoints via loops (curl). This grants the agent the ability to execute arbitrary shell commands within its environment.
  • [EXTERNAL_DOWNLOADS]: The skill mentions and utilizes several industry-standard external testing utilities and frameworks, such as k6, dredd, and Gatling. The agent interacts with these external tools to perform its testing functions.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection (Category 8).
  • Ingestion points: The agent retrieves data from external, potentially untrusted API endpoints using the WebFetch tool.
  • Boundary markers: No specific delimiters or instructions are provided to the agent to help it distinguish between legitimate API responses and malicious instructions embedded in the data.
  • Capability inventory: The agent possesses powerful tools including Bash (command execution), Write (file modification), and WebFetch (network access), which could be misused if the agent follows instructions from external data.
  • Sanitization: There is no requirement or logic defined for the agent to sanitize or validate the content fetched from external APIs before processing it.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:37 AM