applovin-ads-integration
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No security issues or malicious patterns were detected during the analysis of the skill's instructions or code samples.
- [EXTERNAL_DOWNLOADS]: The skill references official mobile SDK dependencies for AppLovin, Google AdMob, and Meta Audience Network via standard package managers (CocoaPods and Gradle). These are well-known and trusted service providers.
- [DATA_EXFILTRATION]: The server-side postback implementation transmits purchase event data (revenue, transaction ID) to AppLovin's official production endpoint (
d.applovin.com). This behavior is consistent with the stated purpose of ad campaign optimization. - [CREDENTIALS_UNSAFE]: The skill demonstrates secure credential management by reading the AppLovin postback token from an environment variable (
process.env.APPLOVIN_POSTBACK_TOKEN) rather than hardcoding it in the source code.
Audit Metadata