api-integration
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill correctly demonstrates using environment variables (process.env.API_KEY) and placeholders for credentials. No hardcoded secrets or unauthorized exfiltration patterns were found.
- [Obfuscation] (SAFE): No zero-width characters, multi-layer encoding, or homoglyphs detected. The code snippets are transparent and standard.
- [Unverifiable Dependencies] (SAFE): The skill does not attempt to install third-party packages or execute remote scripts. It uses built-in or standard libraries like HttpClient and fetch.
- [Indirect Prompt Injection] (LOW): As an API integration tool, it naturally handles untrusted external data from API responses.
- Ingestion points: API response bodies via ReadAsStringAsync() and response.json().
- Boundary markers: None explicitly provided in the code snippets for prompt boundaries.
- Capability inventory: Network requests (GET/POST) via standard HTTP clients.
- Sanitization: Uses standard JSON deserialization which prevents code execution but does not sanitize content for downstream LLM prompts.
Audit Metadata