remix-rest-snippets
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill uses
process.env.REMIX_API_KEYfor authentication. This is a secure practice as it avoids hardcoding sensitive credentials and relies on the user's environment for secret management. - [EXTERNAL_DOWNLOADS]: All network requests are directed to
api.remix.gg, which is the official and expected domain for the Remix platform described in the skill's metadata. These requests are for legitimate API operations such as fetching documentation, creating games, and managing assets. - [NO_CODE]: The skill contains only informational code snippets and does not include any executable scripts or binary files that would run automatically.
- [INDIRECT_PROMPT_INJECTION]: While the code snippets process responses from an external API (data ingestion surface), the logic is restricted to standard error handling and state management. There is no evidence of unsafe interpolation of external data into prompts or high-privilege commands.
Audit Metadata