spree-api-v3

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches technical documentation and OpenAPI specifications from the official Spree Commerce website to ensure accuracy during development.
  • [COMMAND_EXECUTION]: Includes instructions to generate a TypeScript client using the well-known @openapitools/openapi-generator-cli package.
  • [PROMPT_INJECTION]: The skill identifies external documentation as a source of information, which represents an indirect prompt injection surface.
  • Ingestion points: Documentation URLs and OpenAPI specifications from the official vendor site (spreecommerce.org) referenced in SKILL.md.
  • Boundary markers: None explicitly defined for processing external data.
  • Capability inventory: The skill utilizes file system tools (Write, Edit) and shell execution (Bash) for development tasks.
  • Sanitization: No specific content validation or filtering for external documentation is provided.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — spree-api-v3