api-designer
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a set of natural language instructions for an AI agent to generate text-based API specifications. It does not include any scripts, binaries, or executable code.
- [DATA_EXPOSURE]: No hardcoded credentials or sensitive file paths were found. The skill correctly uses placeholders like
<token>and<api-key>when describing API headers, which is a secure practice. - [REMOTE_CODE_EXECUTION]: There are no patterns of remote script downloading or execution. The skill purely generates markdown and JSON text blocks as output.
- [COMMAND_EXECUTION]: No shell commands or subprocess calls are present in the skill definitions.
- [PROMPT_INJECTION]: The instructions do not contain attempts to bypass safety filters or override the underlying agent's core safety guidelines. The guidance is focused entirely on the domain of API design.
- [EXTERNAL_DOWNLOADS]: The skill references local files (
references/domains.mdandreferences/testmu_example.md) but does not perform any external network requests or downloads from untrusted sources. - [INDIRECT_PROMPT_INJECTION]: While the skill processes user-provided system descriptions, it lacks the capabilities (such as file writing or network access) that would make an indirect injection attack viable. The output is limited to text generation within the conversation context.
- [SAFE]: References to 'Hyperexecute' and 'TestMu AI' are consistent with the skill's author, LambdaTest, and represent standard vendor-related platform suggestions.
Audit Metadata