apideck-node
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references official NPM packages @apideck/unify and @apideck/vault-js, as well as a CDN link to unpkg.com for the Vault JS library, all of which are managed by the vendor.\n- [SAFE]: The documentation explicitly prohibits hardcoding credentials and provides an example of timing-safe verification using Node.js's crypto.timingSafeEqual for processing incoming webhooks.\n- [PROMPT_INJECTION]: Potential surface for indirect prompt injection is noted as the skill processes data from external third-party integrations.\n
- Ingestion points: Data retrieved from 200+ connectors across multiple references (e.g., references/crm-api.md, references/accounting-api.md).\n
- Boundary markers: Absent from the integration patterns.\n
- Capability inventory: Network-based CRUD operations on CRM, HRIS, and Accounting data; file system operations via File Storage API.\n
- Sanitization: Not explicitly implemented in the provided code snippets.
Audit Metadata