goldrush-foundational-api
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install official Node.js packages (@covalenthq/client-sdk and @covalenthq/goldrush-enhanced-spam-lists) via npm/yarn/pnpm. These packages belong to the authoring vendor 'covalenthq' and are required for the skill's primary function.
- [COMMAND_EXECUTION]: Documentation includes curl examples for interacting with api.covalenthq.com. These are legitimate examples for testing the REST API and target official vendor infrastructure.
- [CREDENTIALS_UNSAFE]: The integration guides and code snippets consistently use placeholders like 'YOUR_API_KEY' or 'YOUR_API_KEY_HERE' for authentication tokens. No hardcoded secrets or credentials were detected in any of the files.
- [SAFE]: The skill is strictly documentation-based, providing clear instructions, validation rules, and best practices for AI agents. It does not contain any obfuscated code, persistence mechanisms, or malicious prompt injection patterns.
Audit Metadata