Skills
skills/marco-meini/cursor/openapi-doc-from-controller/Gen Agent Trust Hub

openapi-doc-from-controller

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts documentation descriptions directly from JSDoc comments in the source code.
  • Ingestion points: Reads controller method implementation and JSDoc comments from TypeScript files (e.g., src/controllers/*.ts).
  • Boundary markers: No explicit instructions or delimiters are provided to the agent to ignore or sanitize instructions found within the processed code comments.
  • Capability inventory: The skill has the capability to write and modify files in the docs/ directory using the write tool, as well as update index files (index.js, index.html).
  • Sanitization: The instructions do not specify any validation or sanitization for the content extracted from the source code, allowing potentially malicious text in comments to be incorporated into the documentation or index files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 04:21 PM
Security Audit — agent-trust-hub — openapi-doc-from-controller