kuroco-server-processing
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of instructional and reference documentation for the Kuroco Headless CMS, covering server-side processing, API usage, and automation patterns.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets or credentials are present. All examples involving authentication headers or API keys utilize descriptive placeholders such as 'YOUR_API_KEY' or 'YOUR_GITHUB_TOKEN'.
- [EXTERNAL_DOWNLOADS]: The documentation includes integration examples for well-known technology services like GitHub, Slack, and Google Cloud. These references are limited to legitimate integration patterns and do not involve downloading or executing untrusted code.
- [DATA_EXFILTRATION]: Capabilities for outbound communication (email, Slack, Webhooks) are described as intended platform features for system notifications and third-party synchronization. No evidence of unauthorized data harvesting was found.
- [REMOTE_CODE_EXECUTION]: While the skill explains how to implement server-side logic via Smarty templates, it explicitly documents platform-level security constraints that disable dangerous PHP tags and restrict available functions to a predefined safe list.
- [PROMPT_INJECTION]: The content was thoroughly scanned for adversarial patterns, role-play injections, or instructions to bypass safety filters; no such patterns were detected.
Audit Metadata