Skills
skills/jochenyang/jochen-ai-rules/api-designer/Gen Agent Trust Hub

api-designer

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: A surface for indirect prompt injection exists in the documentation generation workflow.
  • Ingestion points: scripts/openapi-gen.sh reads JavaScript and TypeScript files from the source directory.
  • Boundary markers: No delimiters or protective instructions are used to separate extracted code content.
  • Capability inventory: The skill performs shell script execution and external tool invocation via npx.
  • Sanitization: Extracted route data is written to the output specification without validation.
  • [COMMAND_EXECUTION]: Helper scripts perform automated shell operations.
  • Evidence: scripts/openapi-gen.sh utilizes standard system utilities including find, grep, and sed.
  • [EXTERNAL_DOWNLOADS]: The skill executes remote Node.js packages to facilitate generation tasks.
  • Evidence: scripts/openapi-gen.sh uses npx to run established packages like tsoa and swagger-jsdoc.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 03:12 AM
Security Audit — agent-trust-hub — api-designer