api-contract-review
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill provides architectural and design guidelines for REST APIs, focusing on correctness and backward compatibility. No malicious patterns were detected.
- [COMMAND_EXECUTION]: The skill includes a section for token optimization that suggests using standard shell utilities (
find,grep) to audit local source code for anti-patterns. These commands are used for pattern matching within the project context and do not involve network access or sensitive file manipulation. - [DATA_EXPOSURE & EXFILTRATION]: No sensitive data access or network exfiltration patterns were identified. The skill explicitly teaches security best practices, such as using DTOs instead of entities to prevent leaking internal database structures and suppressing stack traces in error responses.
- [INDIRECT_PROMPT_INJECTION]: As a code review skill, it processes user-provided source code. While this presents an ingestion surface for potential instructions embedded in code comments, the skill's capabilities are limited to standard file-system searches, which poses a low risk.
Audit Metadata