rest-api-doc

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes untrusted external data (route definitions, controller code, and prose) to generate its output.
    • Ingestion points: The workflow in SKILL.md explicitly accepts raw code, curl examples, and plain prose descriptions as input.
    • Boundary markers: There are no explicit markers or instructions provided to the agent to distinguish between documentation instructions and potentially malicious content embedded within the source code comments or strings being analyzed.
    • Capability inventory: The skill is authorized to write files to the /mnt/user-data/outputs/ directory and use the present_files tool to display them to the user.
    • Sanitization: The instructions do not specify any sanitization or validation steps for the input data before it is interpolated into the markdown or OpenAPI templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 05:38 PM