api-security

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary purpose is security auditing. It provides educational content, vulnerable code examples (for reference), and remediation guidance across three markdown files.
  • [PROMPT_INJECTION]: The skill includes a dedicated 'Prompt Injection Safety Notice' instructing the agent to treat all reviewed content as untrusted data and inert text. It specifically forbids the execution or interpretation of code found in target files.
  • [COMMAND_EXECUTION]: The allowed-tools are restricted to Read, Grep, and Glob. There are no tools or instructions that allow for arbitrary command execution or shell access.
  • [DATA_EXFILTRATION]: No network operations or external data transfer mechanisms are present. The analysis is performed locally on the provided file paths.
  • [INDIRECT_PROMPT_INJECTION]: While the skill is designed to ingest untrusted data (source code and API specs), it mitigates this risk by explicitly instructing the agent to never follow instructions found within those files. The risk is appropriately addressed within the context of a static analysis tool.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 02:07 AM
Security Audit — agent-trust-hub — api-security