api-integration
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: The skill provides standard and secure boilerplate for API integrations. It demonstrates industry-standard practices, including using environment variables for sensitive credentials and implementing exponential backoff for retries.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets or credentials were found. All examples use placeholders or environment variable references (e.g.,
process.env.API_KEY,process.env.WEBHOOK_SECRET). - [EXTERNAL_DOWNLOADS]: The skill references standard, well-known libraries such as
stripe,jsonwebtoken, andexpress. These are legitimate dependencies for the stated purpose of building API clients and handling webhooks. - [SAFE]: An automated alert regarding 'this.ca' appears to be a false positive caused by the code snippet 'this.cache', which contains the character sequence interpreted as a domain by the scanner.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata