api-load-tester
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes shell commands for benchmarking tools (k6, wrk, autocannon). It specifically instructions the agent to run generated scripts, as seen in the example using a here-doc to pipe JavaScript into the k6 run command.
- [DATA_EXFILTRATION]: To create realistic tests, the agent is instructed to read local source code files (TypeScript interfaces, Python dataclasses, Go structs) and API definitions. Data derived from these files is then sent to external API endpoints during the load test. This creates a pathway where structural information or content from the local codebase is transmitted to remote servers.
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection due to its ingestion of untrusted external data sources used to drive high-privilege operations.
- Ingestion points: OpenAPI/Swagger specifications, route definition files, and project source code files as defined in SKILL.md.
- Boundary markers: Absent. There are no instructions to wrap ingested content in delimiters or provide warnings to ignore instructions embedded within the processed data.
- Capability inventory: Execution of shell commands and binary tools (k6, wrk, autocannon) on the host system.
- Sanitization: Absent. The skill does not describe any sanitization or validation processes for the data read from the local filesystem before it is interpolated into scripts or shell commands.
Audit Metadata