shipstation-orders
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill interacts with the official ShipStation API (ssapi.shipstation.com). This communication is necessary for the skill's operation and targets a well-known service domain.
- [PROMPT_INJECTION]: The skill processes external data from the ShipStation API, which represents an indirect prompt injection surface.
- Ingestion points: Order details (e.g., customer names, shipping service) from the API response in check-orders.js and check-shipping.js.
- Boundary markers: None.
- Capability inventory: The scripts output JSON data to the console; they do not evaluate or execute any content of the API response.
- Sanitization: None.
Audit Metadata