Skills
skills/zrr1999/skills/get-api-docs/Gen Agent Trust Hub

get-api-docs

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands using the chub CLI tool, including chub search to find documentation, chub get to retrieve it, and chub annotate to save local notes.
  • [EXTERNAL_DOWNLOADS]: The chub get command downloads documentation from external, community-maintained sources. The integrity and safety of this content are dependent on the third-party 'chub' service and its contributors.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it fetches external data that the agent is then instructed to follow closely when writing code.
  • Ingestion points: External documentation content is ingested into the agent's context through the output of the chub get command (as described in SKILL.md).
  • Boundary markers: The skill lacks explicit delimiters or instructions to the agent to ignore any embedded commands or directives found within the fetched documentation.
  • Capability inventory: The environment allows the execution of shell commands (chub) and local file system modifications (~/.chub/annotations/).
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the retrieved documentation before the agent processes it for code generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 03:14 PM