public-api-lookup

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the API catalog from the official public-apis GitHub repository to a local cache file. The download uses standard Python libraries and keeps the cached data up to date.
  • [COMMAND_EXECUTION]: The skill runs a local Python script to search and filter the API database. The script strictly handles parsing and filtering tasks without requesting elevated privileges or executing shell commands.
  • [PROMPT_INJECTION]: The skill processes descriptions from external API listings, which presents a surface for indirect prompt injection.
    • Ingestion points: scripts/search_apis.py reads the public-apis README.md.
    • Boundary markers: Results are returned as structured JSON, though no specific delimiters are added to descriptions.
    • Capability inventory: File writing to /tmp and network access to GitHub in scripts/search_apis.py.
    • Sanitization: The script uses regex parsing to extract specific fields from the markdown table.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 19, 2026, 05:48 AM