creatorsignal-api
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script
scripts/poll-validation.shto facilitate API interaction. This script is well-structured, performs dependency checks, and uses standard environment variables for configuration. - [DATA_EXPOSURE]: The skill requires and manages a
CS_API_KEYenvironment variable. It includes explicit instructions and rules to prevent the agent from leaking or echoing this secret in its output. - [PROMPT_INJECTION]: The skill processes AI-generated video validation reports from an external API (
app.creatorsignal.io), which presents an indirect prompt injection surface. - Ingestion points: Validation reports are fetched via the polling script and example curl commands in
SKILL.mdandscripts/poll-validation.sh. - Boundary markers: None explicitly defined in the processing of API responses.
- Capability inventory: The skill has access to
Bash(curl, jq) and can perform network operations. - Sanitization: No explicit sanitization or filtering of the API-provided text is performed before being presented to the agent context.
Audit Metadata