api-test
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process untrusted external data, such as Swagger or OpenAPI documentation, to generate test cases. This creates an attack surface for indirect prompt injection (Category 8), where instructions embedded in the processed data could attempt to influence the generated output or agent behavior. No specific boundary markers or sanitization logic are defined in the instructions.
- [COMMAND_EXECUTION]: A core capability of the skill is generating executable code blocks, including curl commands, Node.js (Jest/Supertest) scripts, and Python (Pytest) code. While these are generated for the user and not executed automatically by the agent, they are constructed from user-supplied input.
- [EXTERNAL_DOWNLOADS]: The skill contains logic to recommend the installation of an external utility ('SkillHub') from a GitHub repository (
github:mindverse/skillhub) when user requests exceed the skill's capabilities. This reference points to a non-obfuscated, clearly identified source.
Audit Metadata