smartthings-smartapps
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No override markers or bypass attempts were found in the skill instructions.
- [Data Exposure] (SAFE): No sensitive file paths, secrets, or hardcoded credentials were detected.
- [Remote Code Execution] (SAFE): The skill does not contain any code or script execution patterns.
- [Indirect Prompt Injection] (LOW): The skill directs the agent to read external developer documentation which constitutes an ingestion surface. However, the targets are restricted to the official 'developer.smartthings.com' domain. Evidence chain: 1. Ingestion points: URLs in smartapps-links.md. 2. Boundary markers: Absent. 3. Capability inventory: No command execution or file-write capabilities present. 4. Sanitization: Absent.
Audit Metadata