api-test-bruno

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends the installation of @usebruno/cli via npm in the README and CI examples. This is the official command-line tool for the Bruno API client, a well-known open-source application.
  • [COMMAND_EXECUTION]: The skill includes shell scripts (scripts/run.sh, scripts/run-tests.sh) and CI configuration files (Jenkinsfile.bruno, github-actions-bruno.yml) that execute local Python scripts and the Bruno CLI to generate and run API tests. These are standard operations for the skill's intended purpose.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits a potential vulnerability surface because it processes untrusted external data (API definitions) to generate executable code.
    • Ingestion points: scripts/parse_api_sources.py reads content from various file formats including JSON, YAML, WSDL, and ZIP archives.
    • Boundary markers: None identified. The instructions do not explicitly warn the agent to ignore instructions embedded within the API definitions.
    • Capability inventory: Generated .bru files containing JavaScript tests are executed via the bru run command in scripts/run-tests.sh.
    • Sanitization: The scripts/generate_bruno_requests.py script applies basic slugification to file names, but user-controlled paths from API definitions are interpolated into the generated request files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 23, 2026, 09:00 AM