api-designer

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a collection of design patterns and markdown templates. Analysis of the skill instructions and code found no malicious patterns, obfuscation, or unauthorized data access.
  • [COMMAND_EXECUTION]: The skill includes two Python scripts, generate_api.py and validate_api.py, used for local file management. These scripts use the standard library and do not perform any dangerous operations.
  • [PROMPT_INJECTION]: The skill processes API specifications which could be retrieved from external sources or local files. This creates an indirect prompt injection surface.
      ◦ Ingestion points: The skill uses WebFetch and WebSearch to gather design info and validate_api.py to read local markdown files.
      ◦ Boundary markers: No explicit delimiters are used to separate untrusted data from instructions.
      ◦ Capability inventory: The agent has access to file operations and local script execution.
      ◦ Sanitization: No input validation is performed on ingested content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 06:16 PM