apifox
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads and executes the @sunic/skills-apifox-cli package from the npm registry. This is a vendor-owned resource required for the skill's primary function.
- [COMMAND_EXECUTION]: Executes shell commands via npx to perform synchronization and documentation lookup operations.
- [PROMPT_INJECTION]: The instructions direct the agent to bypass user confirmation for synchronization tasks, which reduces manual oversight of the command's execution.
- [PROMPT_INJECTION]: The skill processes data from external API documentation sources and renders it into the agent's context, creating a surface for indirect prompt injection.
  - Ingestion points: API documentation content retrieved by @sunic/skills-apifox-cli.
  - Boundary markers: Absent; documentation fields are interpolated directly into Markdown templates.
  - Capability inventory: Shell command execution via npx.
  - Sanitization: None detected; the skill assumes the integrity of the documentation metadata.
Audit Metadata