api-enrichment

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external, untrusted content from OpenAPI definitions and prior specification files.
  • Ingestion points: The agent reads spec.md (Step 1) and external OpenAPI/Swagger documentation (Step 2a) provided via URL or JSON.
  • Boundary markers: The instructions do not specify the use of delimiters or "ignore embedded instructions" prompts when ingesting these external data sources.
  • Capability inventory: The skill calls the mcp-openapi tool and generates complex technical specifications (enriched-spec.md).
  • Sanitization: No explicit sanitization or filtering of content extracted from API documentation fields (such as descriptions or summaries) is performed before processing or interpolation into output.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 06:19 AM
Security Audit — agent-trust-hub — api-enrichment