http-api-smoke-tester

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs its stated purpose (HTTP API testing) without any hidden or malicious behaviors. It uses the Python standard library (urllib) to make requests, avoiding external dependencies.
  • [DATA_EXFILTRATION]: While the skill communicates with external URLs, this is the intended primary function of a smoke tester. The implementation includes a specific REDACT_HEADERS mechanism to prevent the accidental exposure of sensitive credentials (Authorization, x-api-key) in the output logs.
  • [COMMAND_EXECUTION]: The script reads a local JSON file (--plan) to determine its actions. While this constitutes an attack surface for indirect instruction injection, the script does not use dangerous functions like eval() or os.system(). Instead, it uses a custom, safe parser (_get_by_json_path) for processing response data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 04:09 PM