mutation
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill provides documentation and GraphQL examples for interacting with official Crystallize API endpoints (api.crystallize.com and shop-api.crystallize.com).
- [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The skill correctly uses descriptive placeholders like
YOUR_TOKEN_ID,YOUR_TOKEN_SECRET, andYOUR_JWT_TOKENfor authentication headers. - [EXTERNAL_DOWNLOADS]: The skill recommends the official
@crystallize/js-api-clientNode.js package, which is a trusted resource from the skill vendor. - [PROMPT_INJECTION]: No prompt injection or behavior override patterns were detected in the instructions.
- [COMMAND_EXECUTION]: The skill mentions standard
curlcommands for API testing, but does not instruct the agent to execute untrusted or dangerous system commands.
Audit Metadata