api-client
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): An automated scanner flagged 'this.auth.re' as a malicious URL. Analysis of the source code confirms this is a false positive; the scanner misidentified the TypeScript syntax
this.auth.refresh()as a web domain. - [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys, tokens, or secrets were found. Authentication tokens are handled dynamically through class properties and environment variables, which is a standard security practice.
- [COMMAND_EXECUTION] (SAFE): The code does not use any functions for executing shell commands or system-level processes (e.g., child_process, exec, or eval).
- [DATA_EXFILTRATION] (SAFE): Network requests are directed to a user-defined
baseUrl. There are no hidden or hardcoded endpoints for unauthorized data transmission. - [PROMPT_INJECTION] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were identified.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata