oro-gold
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious instructions, behavior overrides, or safety bypass patterns were detected in the skill's instructions or metadata.
- [DATA_EXFILTRATION]: No hardcoded credentials, sensitive file access, or unauthorized network operations were found. The skill uses environment variables for ORO API keys and communicates exclusively with the documented API endpoints.
- [REMOTE_CODE_EXECUTION]: There are no indicators of remote code execution, piped shell scripts, or dynamic execution of untrusted remote content.
- [COMMAND_EXECUTION]: The Python scripts utilize standard argument parsing and do not perform arbitrary command execution or subprocess spawning.
- [EXTERNAL_DOWNLOADS]: No unverified or dangerous external downloads were detected. The skill interacts with the ORO GRAIL API hosted on the Railway cloud platform, which is consistent with its stated purpose.
Audit Metadata