coda
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a provided Python script (scripts/coda_export.py) to manage document exports and file system synchronization.
  - The script handles file creation, directory nesting based on document hierarchy, and deletion of stale files during incremental updates.
  - Filenames are sanitized using a regular expression that restricts characters to alphanumeric, dots, underscores, dashes, and spaces, mitigating path traversal risks.
- [DATA_EXFILTRATION]: The skill instructions direct the agent to retrieve API tokens and document IDs from local environment files (.env, .env.local).
  - This is a standard practice for secure credential management and does not involve unauthorized data transmission.
- [EXTERNAL_DOWNLOADS]: The script performs network requests to the official Coda API endpoint (https://coda.io/apis/v1) using the Python standard library.
  - Communication is limited to the legitimate service required for the skill's primary function.
Audit Metadata