api-designer
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
  - Ingestion points: Processes OpenAPI specifications (YAML/JSON) and scans codebase files to extract API route definitions in 'Spec' mode.
  - Boundary markers: No explicit delimiters are used to separate untrusted specification content from the agent's system instructions.
  - Capability inventory: The skill executes local Python scripts to parse and analyze data. These scripts are limited to file reading and structure parsing; no network or high-privilege file operations are present.
  - Sanitization: Natural language fields within API specifications (such as descriptions and summaries) are not sanitized for potential embedded instructions.
- [COMMAND_EXECUTION]: Local Utility Execution
  - The skill invokes several local Python scripts (api-spec-validator.py, api-endpoint-matrix.py, compat-checker.py) via 'uv run'.
  - Source code analysis of these utilities confirms they perform legitimate spec validation and comparison using yaml.safe_load(). No suspicious behaviors such as network communication, persistence mechanisms, or privilege escalation attempts were found.
Audit Metadata