api-documenter
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The generation script
scripts/generate_openapi.pyrepresents an indirect prompt injection surface by taking user-provided arguments and directly interpolating them into a YAML template. Maliciously crafted inputs could modify the resulting specification structure beyond the intended fields.\n - Ingestion points: Command-line arguments in
scripts/generate_openapi.py(e.g.,--name,--base-url).\n - Boundary markers: None.\n
- Capability inventory:
Bash(script execution),Write(file creation),Edit.\n - Sanitization: Absent; the script uses raw f-string interpolation.\n- [COMMAND_EXECUTION]: The skill uses the
Bashtool to run included Python scripts for automation. These scripts handle local file creation and validation.\n- [SAFE]: No sensitive data exposure, hardcoded credentials, or remote code execution risks were identified.
Audit Metadata