api-enrichment
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external, untrusted content from OpenAPI definitions and prior specification files.
- Ingestion points: The agent reads
spec.md(Step 1) and external OpenAPI/Swagger documentation (Step 2a) provided via URL or JSON. - Boundary markers: The instructions do not specify the use of delimiters or "ignore embedded instructions" prompts when ingesting these external data sources.
- Capability inventory: The skill calls the
mcp-openapitool and generates complex technical specifications (enriched-spec.md). - Sanitization: No explicit sanitization or filtering of content extracted from API documentation fields (such as descriptions or summaries) is performed before processing or interpolation into output.
Audit Metadata