api-design

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection as it processes untrusted user data into generated artifacts.
  • Ingestion points: User-provided descriptions and integration ideas enter the agent's context during 'Step 1: Frame the contract problem' in SKILL.md.
  • Boundary markers: The instructions lack explicit delimiters or 'ignore instructions' warnings when handling user input.
  • Capability inventory: The skill is authorized to use Write and Edit tools to create and modify file artifacts (referenced in SKILL.md Step 6).
  • Sanitization: There is no evidence of input validation or escaping procedures to ensure user-provided data does not contain malicious instructions that could influence the agent's behavior during contract generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 04:58 AM
Security Audit — agent-trust-hub — api-design