backend-endpoint
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructions to bypass its own 'ToM Checkpoint' verification step if the user uses keywords like 'quick' or 'skip confirmation'. This instruction reduces human-in-the-loop oversight and could be leveraged to execute misaligned or malicious generation tasks without review.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection where untrusted user input is used to construct shell commands and source code files.
  - Ingestion points: User-provided inputs for resource names, endpoint paths, and field specifications in 'SKILL.md'.
  - Boundary markers: Absent. There are no instructions to the agent to treat user-provided strings as data only or to escape them before interpolation into templates.
  - Capability inventory: The skill uses the 'Bash' tool to execute local Python scripts ('functions/endpoint_generator.py', 'functions/validation_generator.py'), which in turn use the 'Write' tool to create or modify files on the filesystem.
  - Sanitization: Partial. While 'functions/route_validator.py' checks for RESTful conventions in paths, it does not sanitize input against code injection in template placeholders (e.g., '${RESOURCE_NAME}') or shell injection in script arguments.
Audit Metadata