order-fulfillment-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected in the skill's instructions or implementation snippets.
- [CREDENTIALS_UNSAFE]: The code correctly uses environment variables (e.g.,
process.env.SHIPPO_API_KEY) to manage sensitive credentials, avoiding hardcoded secrets. - [EXTERNAL_DOWNLOADS]: The skill references standard, well-known Node.js libraries such as
shippoandpdfkitfor fulfillment and label generation tasks. - [COMMAND_EXECUTION]: The skill focuses on application-level logic (API calls, PDF generation) and does not involve suspicious shell command execution or privilege escalation.
Audit Metadata