api-integration-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily instructional, providing high-quality code templates for developers to integrate external services safely. All subprocess executions use argument arrays with
shell=Falseto prevent command injection vulnerabilities. - [SAFE]: Credentials (specifically
GITHUB_TOKEN) are handled correctly using environment variables (os.getenv), and the templates include validation logic to ensure tokens follow expected formats without logging them. - [SAFE]: The skill implements protective measures such as command whitelisting, execution timeouts, and rate limiting to prevent Denial of Service (DoS) and unexpected system impact.
- [COMMAND_EXECUTION]: While the skill demonstrates command execution via the
gh(GitHub) CLI, it does so using secure patterns that explicitly mitigate risks associated with untrusted input.
Audit Metadata