electric-shapes
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No instructions were found that attempt to override agent behavior or bypass safety filters. The skill does facilitate data ingestion from external databases via the ShapeStream API (ingestion point: /api/todos in SKILL.md), which is a potential surface for indirect injection. However, the documentation promotes the use of positional parameters ($1, $2) as sanitization boundaries and does not grant the agent dangerous capabilities.
- [EXTERNAL_DOWNLOADS]: The skill references the '@electric-sql/client' library and links to source code in the 'electric-sql/electric' GitHub repository, which are legitimate vendor resources.
- [COMMAND_EXECUTION]: No shell commands or subprocess operations are utilized in the skill or its examples.
- [REMOTE_CODE_EXECUTION]: The skill does not contain patterns for downloading and executing remote scripts or dynamic code evaluation.
- [DATA_EXFILTRATION]: No unauthorized data transmission or hardcoded credentials were detected. All network communication is restricted to the configured synchronization endpoints.
- [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or sensitive credentials were found in the skill files.
Audit Metadata