openapi-ts-client
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes the @hey-api/openapi-ts package, which is a widely recognized and recommended tool for TypeScript client generation from OpenAPI specifications.
- [SAFE]: All external documentation and package references point to official and trusted domains such as heyapi.dev, fastapi.tiangolo.com, and unpkg.com.
- [SAFE]: Network activities are limited to fetching OpenAPI specifications from user-defined sources, including local development servers (localhost).
- [COMMAND_EXECUTION]: The skill provides a Python script for preprocessing OpenAPI specifications, involving JSON parsing and filesystem writes (references/fastapi-regen.md). This is a static, benign utility for project integration.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified due to the processing of external OpenAPI contracts.
  - Ingestion points: OpenAPI spec source defined in the 'input' field of openapi-ts.config.ts (SKILL.md, references/configuration.md).
  - Boundary markers: Not specified.
  - Capability inventory: Filesystem write access to the 'output' directory via the generator tool (SKILL.md).
  - Sanitization: No explicit sanitization of the input specification is described.
Audit Metadata