claude-api

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Full Analysis
  • [System Access Capabilities]: The documentation for the Agent SDK describes tools for file manipulation ('Read', 'Write', 'Edit') and shell command execution ('Bash'). These features allow an agent to interact with its local environment to perform development tasks. The skill includes documentation for a permission system designed to manage these capabilities, allowing for user confirmation before dangerous operations are performed.
  • [Environment and Credential Handling]: Code examples in the skill demonstrate the secure practice of retrieving sensitive information, such as API keys and database connection strings, from environment variables. This approach helps prevent the accidental exposure of credentials within application source code.
  • [Input Sanitization]: Within the guidance for the 'code_execution' and 'Files' tools, the skill provides specific recommendations for sanitizing filenames using path utilities like os.path.basename(). This advice is a security best practice intended to prevent path traversal vulnerabilities when an application writes files based on external input.
  • [External Resource Usage]: The skill references several official SDKs and documentation sites. All identified URLs and package names correspond to official resources provided by the trusted vendor or well-known services, which is consistent with the skill's stated purpose of assisting with API integration.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 08:08 PM