cult-film-curtis
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill utilizes environment variables for sensitive information such as EVM_PRIVATE_KEY and TMDB_API_KEY. No actual credentials are hardcoded in the source; instead, placeholders are provided in the documentation for user configuration.
- [EXTERNAL_DOWNLOADS]: The agent communicates with api.themoviedb.org for movie data and x402.org for payment facilitation. These are legitimate external services required for the skill's primary functions and are documented neutrally.
- [PROMPT_INJECTION]: The skill contains ingestion points for user-provided data through search queries and mood preferences. 1. Ingestion points: The query and mood parameters in the search and recommend handlers. 2. Boundary markers: Not explicitly defined in this programmatic implementation. 3. Capability inventory: Data retrieval from TMDB and payment processing. 4. Sanitization: The query is sanitized using encodeURIComponent before being sent to the TMDB API, and mood-based filtering is performed using standard string comparison methods.
Audit Metadata