skills/soderlind/skills/add-apim-api/Gen Agent Trust Hub

add-apim-api

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests untrusted user data, such as API names, backend URLs, and path prefixes, and interpolates these values directly into generated Bicep infrastructure files (e.g., infra/modules/api-management/apis/{api-name}.bicep).
      • Ingestion points: User-provided requirements gathered in Step 1 (SKILL.md).
      • Boundary markers: None specified in the instructions to prevent the model from obeying instructions embedded in the user-provided API configuration data.
      • Capability inventory: The skill creates and modifies local Bicep files and executes shell commands (az bicep build).
      • Sanitization: No explicit sanitization or validation logic is defined for the user-supplied identifiers or URLs before they are written to the filesystem.
  • [COMMAND_EXECUTION]: The skill uses the az bicep build command to validate the generated infrastructure code. This is a standard operation within the Azure CLI environment for development workflows.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 26, 2026, 12:02 PM