scry
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements proactive mitigations for potential indirect prompt injection from the public search corpus. Ingestion of untrusted data from the Scry API is governed by Rule 11, which provides a sanitization mechanism using a
content_riskfilter. This prevents adversarial content from entering the agent's context through search results. - [EXTERNAL_DOWNLOADS]: Trial API keys are retrieved from the vendor's official endpoint at
api.scry.io. This is an intended and documented feature for trial access and occurs within the vendor's own infrastructure. - [REMOTE_CODE_EXECUTION]: An automated scanner alert for a
curl | python3pattern was evaluated. The command uses Python's standard library to parse JSON data (python3 -c 'import json,sys; ...') from the vendor's API response. This is a standard utility pattern for data extraction and does not constitute the execution of untrusted remote code. - [COMMAND_EXECUTION]: The skill includes instructions for running a
cargo runcommand to perform a contract audit. This is a development-oriented task that operates on local source code and utilizes official package registries for dependencies. - [SAFE]: Secret management follows secure industry standards. The skill recommends storing credentials in a
.envfile rather than hardcoding them or passing them through insecure channels.
Audit Metadata