swagger-api-query

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • External Downloads (LOW): The installation instructions recommend downloading the skill from a non-whitelisted GitHub repository (zhihuihu/agent-skills). Per security policy, downloads from untrusted sources are flagged as a potential risk.
  • Command Execution (SAFE): The skill frequently executes a local Python script (scripts/swagger_query.py) to process documentation. This is the intended behavior and does not involve elevated privileges or suspicious command patterns in the provided documentation.
  • Indirect Prompt Injection (LOW): The skill is specifically designed to ingest and summarize external OpenAPI JSON files, which constitutes a significant ingestion surface for untrusted data.
      • Ingestion points: The scripts/swagger_query.py script reads JSON data from files specified by the user or found in the local directory (e.g., api-docs.json).
      • Boundary markers: Absent. There are no instructions in SKILL.md or the command outputs that explicitly warn the agent to ignore natural-language instructions found within the JSON description or summary fields.
      • Capability inventory: The skill allows local command execution of the query script. If the script itself were to process malicious instructions from the JSON, it could influence the agent's next steps.
      • Sanitization: Not evidenced. The documentation suggests the script returns content directly from the JSON for the agent to analyze, with no mention of stripping or escaping potentially malicious instructional content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:32 PM