claude-api
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: References official and trusted Anthropic SDKs (anthropic and @anthropic-ai/sdk) for installation via standard package managers.
- [COMMAND_EXECUTION]: Includes standard shell commands for environment configuration and package management, which are typical for the skill's purpose.
- [CREDENTIALS_UNSAFE]: Correctly advises against hardcoding API keys and provides generic placeholders for environment setup instructions.
- [DATA_EXFILTRATION]: Demonstrates reading a local image file for the Claude Vision API using standard Python patterns, consistent with documented API features.
- [PROMPT_INJECTION]: The skill provides templates for processing user messages. Evidence chain: (1) Ingestion points: user input fields in message payloads; (2) Boundary markers: absent; (3) Capability inventory: API network operations, tool execution loops, and local file reading; (4) Sanitization: absent. While this establishes a surface for indirect prompt injection, it represents standard API integration patterns and is consistent with the primary purpose of the skill.
Audit Metadata