alova-client-usage
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch up-to-date information from the official Alova.js documentation site (alova.js.org). These are trusted resources for the library's functionality and do not pose a security risk.
- [PROMPT_INJECTION]: The skill contains operational instructions for the AI to prioritize live documentation over training data to ensure accuracy. These are benign behavioral guidelines and do not attempt to override safety protocols or ignore system instructions.
- [CREDENTIALS_UNSAFE]: Code snippets for setting up request interceptors use safe placeholders like 'Bearer token' and 'https://api.example.com'. No actual credentials or sensitive environment variables are exposed.
- [COMMAND_EXECUTION]: The skill provides standard, safe terminal commands for package installation (e.g., 'npm install alova') as part of the setup documentation.
Audit Metadata