Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/automating-api-testing/Gen Agent Trust Hub

automating-api-testing

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/generate_test_suite.py script assembles executable shell scripts from input strings and uses chmod 0o755 to grant execution permissions. This allows the generation and potential execution of dynamically created command sequences.
  • [PROMPT_INJECTION]: The skill's workflow (Instructions 1 and 2 in SKILL.md) involves reading and parsing external API specifications such as OpenAPI and GraphQL schemas. This represents an indirect prompt injection surface where a malicious specification could influence the agent's behavior.
  • Ingestion points: Parsing of OpenAPI and GraphQL specifications as defined in SKILL.md.
  • Boundary markers: The instructions lack specific delimiters or warnings to treat specification content as untrusted data.
  • Capability inventory: The skill possesses Bash, Write, and Edit tool permissions, which could be misused if the agent is misled by injected instructions.
  • Sanitization: No explicit sanitization or validation of input specification content is specified.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 09:07 AM