api-test-restassure
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [DYNAMIC_EXECUTION]: The skill generates Java source code dynamically based on input API definitions (scripts/generate_restassured_tests.py) and executes it using Maven (scripts/run.sh). This behavior is the primary intended function of the tool and is performed locally.
- [INDIRECT_PROMPT_INJECTION]: The tool ingests external API definitions to drive code generation. Users should ensure these definition files are from trusted sources to prevent unintended code being generated into the test suite.
  - Ingestion points: scripts/parse_api_sources.py (multi-format API document parsers).
  - Boundary markers: None.
  - Capability inventory: File writing in scripts/generate_restassured_tests.py and shell execution in scripts/run.sh.
  - Sanitization: Basic sanitization of test names is provided, though URL paths are directly interpolated into the code.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Configuration files and test templates (test.properties, BaseApiTest.java) use environment variables for sensitive data like API_TOKEN. This is a recommended security practice for managing secrets in test automation.
Audit Metadata