api-generator
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions exclusively as a code scaffolding tool. It provides templates for common API tasks such as CRUD operations, authentication middleware, and test suites across multiple frameworks (Express.js, Flask, FastAPI).
- [COMMAND_EXECUTION]: The tool uses local Bash and Python scripts to process user-provided resource names and interpolate them into static code templates. This behavior is consistent with the skill's primary purpose as a generator.
- [CREDENTIALS_UNSAFE]: Security best practices are followed in the generated templates. For example, the authentication templates use environment variables (e.g.,
process.env.JWT_SECRET) rather than hardcoding sensitive keys, and include explicit comments advising users to change default values in production. - [DATA_EXFILTRATION]: No network exfiltration or unauthorized file access patterns were detected. The skill writes usage logs to a local directory (
~/.local/share/api-generator) and prints all generated code directly to the console for user review.
Audit Metadata