API Integration Specialist
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to bypass AI safety filters or override system constraints.
- Data Exposure & Exfiltration (SAFE): The skill actively promotes secure credential management by instructing users to use environment variables (
process.env) instead of hardcoding secrets. No unauthorized file access or exfiltration patterns were identified. - Obfuscation (SAFE): The content is clear and uses standard Markdown and JavaScript without any encoded or hidden characters.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references industry-standard libraries (Stripe, Twilio, SendGrid) and does not contain any suspicious remote script execution commands like
curl | bash. - Privilege Escalation (SAFE): No commands requesting administrative or root-level access were found.
- Persistence Mechanisms (SAFE): No attempts to modify system startup files or schedule tasks were detected.
- Indirect Prompt Injection (SAFE): While the skill describes processing external data (webhooks/APIs), it includes specific guidance on sanitization and cryptographic verification, reducing the surface for such attacks.
Audit Metadata