yandex-direct
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were detected.
- [DATA_EXPOSURE]: The skill manages a sensitive Yandex OAuth token. It stores this token in a local
.envfile within the skill directory. This is standard practice for local CLI tools, and the documentation appropriately advises users on how to obtain and store it. - [COMMAND_EXECUTION]: The shell scripts use standard utilities like
curlfor API communication andjqfor JSON processing. All command-line arguments are handled in a controlled manner, specifically utilizingjqto build JSON payloads and sanitize input into appropriate formats (like numbers). - [EXTERNAL_DOWNLOADS]: All network requests are directed to official Yandex domains (
api.direct.yandex.com,api-sandbox.direct.yandex.com, andoauth.yandex.ru) required for the skill's primary purpose of API management.
Audit Metadata