api-documenter

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The generation script scripts/generate_openapi.py represents an indirect prompt injection surface by taking user-provided arguments and directly interpolating them into a YAML template. Maliciously crafted inputs could modify the resulting specification structure beyond the intended fields.\n
  • Ingestion points: Command-line arguments in scripts/generate_openapi.py (e.g., --name, --base-url).\n
  • Boundary markers: None.\n
  • Capability inventory: Bash (script execution), Write (file creation), Edit.\n
  • Sanitization: Absent; the script uses raw f-string interpolation.\n- [COMMAND_EXECUTION]: The skill uses the Bash tool to run included Python scripts for automation. These scripts handle local file creation and validation.\n- [SAFE]: No sensitive data exposure, hardcoded credentials, or remote code execution risks were identified.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 06:16 PM
Security Audit — agent-trust-hub — api-documenter