skills/googlecloudplatform/recaptcha-enterprise-mobile-sdk/recaptcha-transaction-defense-integrator/Gen Agent Trust Hub
recaptcha-transaction-defense-integrator
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes temporary local Node.js scripts (check-status.js, verify-logic.js, verify-adyen.js) to validate configuration and verify integration logic. These verification scripts utilize runtime monkey-patching of the Node.js module loader and service client prototypes to mock external dependencies during local testing.\n- [EXTERNAL_DOWNLOADS]: Fetches the official @google-cloud/recaptcha-enterprise and stripe libraries from the npm registry to support fraud detection and payment processing workflows.\n- [PROMPT_INJECTION]: \n
- Ingestion points: The skill ingests untrusted data from the local environment, including package.json, project directory structures, and source code files, to adapt integration logic.\n
- Boundary markers: No explicit markers or delimiters are used to isolate user-provided code from the agent's instructions during codebase adaptation.\n
- Capability inventory: The agent is instructed to perform file system modifications (code injection) and shell execution via the Node.js runtime.\n
- Sanitization: There is no evidence of sanitization or strict schema validation applied to the discovered codebase patterns before they are processed by the LLM.
Audit Metadata