generate-spec

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: Executes local commands find and ls to search for route files and existing documentation. It also runs postman spec lint to validate the generated specification. These commands are necessary for the skill's primary function.
  • [EXTERNAL_DOWNLOADS]: Mentions the postman-cli utility. The agent suggests installation via the npm registry if it is not present. This is a trusted dependency associated with the skill's author and targets a well-known service.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes codebase files.
      • Ingestion points: Local source code files (JS, TS, PY, GO, JAVA, RB) and existing OpenAPI specs.
      • Boundary markers: Absent.
      • Capability inventory: File system write (postman/specs/openapi.yaml) and shell command execution.
      • Sanitization: No explicit sanitization of codebase content is mentioned before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 12:41 AM