iii-http-invoked-functions
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a documentation guide for developers to integrate external APIs into the iii engine. It provides high-level logic and pattern selection rules without including executable code or malicious instructions.
- [CREDENTIALS_UNSAFE]: The skill includes a specific guardrail advising against passing raw secrets in authentication fields. It explicitly recommends passing environment variable names (e.g., token_key, secret_key), which is a standard security practice for managing secrets in automated environments.
- [EXTERNAL_DOWNLOADS]: While the skill references JavaScript, Python, and Rust implementation files, these are relative path references (../references/) within the repository structure rather than downloads from untrusted or unknown external domains.
- [COMMAND_EXECUTION]: No shell commands, subprocess calls, or unauthorized system modifications were detected in the instructions or metadata.
Audit Metadata