api-security-tester
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes external, untrusted code provided by users (API route definitions, resolvers, and middleware) without specific boundary markers or instructions to disregard instructions embedded in the analyzed content.
  - Ingestion points: User-supplied source code files identified for auditing in the workflow.
  - Boundary markers: Absent; no specific delimiters or "ignore" instructions are provided to the agent regarding the content of the files being analyzed.
  - Capability inventory: None; the skill's instructions are limited to pattern matching and reporting within the text context, with no subprocess, file-system write, or network capabilities.
  - Sanitization: Absent; the skill does not instruct the agent to escape or validate the contents of the files before processing them for vulnerabilities.
Audit Metadata