hk-cinema-now-playing
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill definitions.
- [DATA_EXFILTRATION]: The skill communicates with the official TMDB API (api.themoviedb.org) to retrieve movie data. It correctly references the API key using a placeholder for an environment variable (${TMDB_API_KEY}), avoiding hardcoded secrets.
- [PROMPT_INJECTION]: The skill ingests movie metadata (titles, overviews) from an external source. While this constitutes an ingestion surface, the skill has no high-risk capabilities that could be exploited via malicious API content. 1. Ingestion points: Results from TMDB API in SKILL.md. 2. Boundary markers: None. 3. Capability inventory: Restricted to API data retrieval and localized formatting for display. 4. Sanitization: Not identified but not required for the current restricted capabilities.
Audit Metadata