Generate a full Phoenix JSON API from an OpenAPI spec or natural language description. Creates contexts, Ecto schemas, migrations, controllers, JSON views/renderers, router entries, ExUnit tests with factories, auth plugs, and tenant scoping. Use when building a new Phoenix REST API, adding CRUD endpoints, scaffolding resources, or converting an OpenAPI YAML into a Phoenix project.
Security Analysis
high confidenceThe skill's instructions, reference files, and requirements are coherent with its stated purpose (scaffolding Phoenix JSON APIs); it requests no credentials or installs and appears to be an instruction-only code generator.
The name/description (Phoenix API Generator) match the SKILL.md and the included reference files (Phoenix conventions, Ecto patterns, test patterns). There are no unrelated credentials, binaries, or install steps requested — everything present is relevant to scaffolding a Phoenix app.
The SKILL.md describes parsing OpenAPI or natural-language input, generating migrations, schemas, contexts, controllers, tests, and auth plugs, and instructs the agent to ask the user before writing files. It does not instruct reading unrelated system files or secrets. However, it is vague about the target filesystem path, backup/rollback behavior, and conflict resolution for existing files — you should ensure the skill will write only in the intended project directory and that generated files are reviewed before committing.
No install spec is provided and the skill is instruction-only, so nothing is downloaded or written to disk by an installer. This is the lowest-risk install model.
The skill declares no required environment variables, credentials, or config paths. The examples reference common runtime functions (e.g., System.unique_integer, Ecto.UUID.generate) but do not attempt to access secret environment variables or unrelated system configuration.
The skill is not marked always:true and requests no persistent system modification beyond writing generated project files when invoked. The platform default allows autonomous invocation (disable-model-invocation: false); if you are concerned about an agent invoking file-write operations without supervision, consider disabling autonomous invocation for this skill or requiring explicit confirmation before any writes.
Guidance
This skill appears to be a coherent Phoenix code generator and does not request secrets or downloads. Before using it: (1) run it in a safe/sandbox project or a new git branch so you can review and revert generated files; (2) confirm the intended output path and that the skill will prompt before writing; (3) review generated auth plugs and token verification code — the skill scaffolds patterns but you must integrate secure token/key handling and secrets management yourself; (4) run your test suite and linters on generated code; (5) if you do not want an agent to create files autonomously, disable automatic invocation or require an explicit manual step. Overall the skill is internally consistent, but always review and test generated code before deploying.
Latest Release
v1.0.0
- Initial release of phoenix-api-gen. - Generates a full Phoenix JSON API from an OpenAPI spec or natural language description. - Creates contexts, Ecto schemas, migrations, controllers, JSON views/renderers, router entries, ExUnit tests with factories, authentication plugs, and tenant scoping. - Supports both OpenAPI-driven and natural language-driven workflows. - Follows Phoenix and Ecto conventions, including multi-tenancy and comprehensive test generation.
More by @gchapim
Published by @gchapim on ClawHub
