auth0-fastapi-api

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill integrates with 'auth0-fastapi-api', which is a recognized library from the 'auth0' vendor. All external URLs and package names are consistent with official Auth0 resources.
  • [CREDENTIALS_UNSAFE]: The skill correctly instructs users to manage sensitive credentials like Domain and Audience using environment variables ('.env' files) rather than hardcoding them in source code. It uses clear placeholders for secrets in documentation and command examples.
  • [EXTERNAL_DOWNLOADS]: Dependencies are installed via standard package managers from official registries (PyPI). Remote resources (JWKS endpoints) are managed internally by the SDK to verify token signatures.
  • [COMMAND_EXECUTION]: Shell commands provided are limited to standard package installation ('pip install'), CLI tool usage for resource creation ('auth0 apis create'), and API testing via 'curl'. No unauthorized or dangerous command patterns were detected.
  • [DATA_EXFILTRATION]: No patterns of sensitive data access followed by external network transmission were found. The skill's primary function is inbound token validation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 11:16 PM