all-routes-offline
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No hardcoded credentials or unsafe secret handling practices were identified. The skill explicitly guardrails against the use of hosted credentials like ALL_ROUTES_MCP_TOKEN.
- [SAFE]: Network activity is restricted to local surfaces (localhost) and the vendor's own verified domains (desk.travel). No unauthorized external data exfiltration patterns were detected.
- [SAFE]: Command execution is limited to standard local project startup commands (pnpm dev) within the workspace, which is typical for development-oriented skills.
- [SAFE]: No obfuscation techniques, such as Base64 encoding of commands or hidden Unicode characters, were present in the analyzed files.
- [SAFE]: The skill focuses on repository-grounded data and local handlers, reducing the risk surface for external prompt injection attacks.
Audit Metadata