sdk-engineer
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external API specifications (OpenAPI, GraphQL SDL, Protobuf) as its primary source of truth, creating an indirect prompt injection surface.
  - Ingestion points: Untrusted data enters the agent context via API specifications during the Discover and Scope phases described in SKILL.md and references/sdk_engineer_scope.md.
  - Boundary markers: There are no explicit instructions in the prompt to treat documentation or description fields within these specifications as untrusted or to ignore embedded instructions.
  - Capability inventory: The agent has access to powerful capabilities including code generation (openapi-generator), script execution (contract and integration tests), and network operations (references/sdk_testing_and_documentation.md).
  - Sanitization: The skill mitigates this risk by recommending the use of validation and linting tools such as spectral or openapi-diff to verify the integrity of external specifications before they are processed.
Audit Metadata