api-contract
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a collection of markdown templates and process guidelines for API documentation and does not include any executable code, network operations, or sensitive file access.
- [PROMPT_INJECTION]: The skill includes instructions that create an indirect prompt injection vulnerability surface through file processing.
- Ingestion points: Untrusted data is ingested from .claude/sprint/[N]/specs.md to define the feature scope and requirements.
- Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore embedded instructions' prompts when reading external specifications.
- Capability inventory: The skill's primary capabilities involve reading and writing markdown files within the localized project sprint directory.
- Sanitization: Absent; the content from the specifications is processed and interpolated into the generated API contract without explicit validation or sanitization steps.