Skills
skills/postman-devrel/postman-claude-code-plugin/postman-context/Gen Agent Trust Hub

postman-context

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by ingesting untrusted data from Postman collections to generate local source code.
  • Ingestion points: External data enters the agent context via the getRequestCodeContext and getCollectionContext tools as specified in SKILL.md.
  • Boundary markers: The instructions do not define explicit boundary markers or ignore instructions to isolate potentially malicious text within API descriptions or metadata.
  • Capability inventory: The skill allows the agent to write new code files and modify existing ones across the local project directory as described in the 'File Placement' and 'API Maintenance Rules' sections of SKILL.md.
  • Sanitization: While the skill provides naming normalization for the filesystem, it lacks specific sanitization or filtering logic for descriptions or documentation fields that are interpolated into generated code comments.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 12:41 AM