Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/algolia-core-workflow-a/Gen Agent Trust Hub

algolia-core-workflow-a

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill uses environment variables (process.env.ALGOLIA_APP_ID, process.env.ALGOLIA_ADMIN_KEY) for API authentication rather than hardcoding credentials, which aligns with security best practices.
  • [SAFE]: All external references and documentation links target official Algolia domains, which are recognized as well-known and trusted services.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its core functionality.
  • Ingestion points: Data is ingested from external Algolia indices via the searchSingleIndex method in SKILL.md.
  • Boundary markers: There are no boundary markers or instructions provided to the agent to disregard potentially malicious instructions embedded within the search results (hits).
  • Capability inventory: The skill is configured with broad capabilities including Write, Edit, and Bash via the allowed-tools frontmatter field.
  • Sanitization: There is no evidence of sanitization or validation of the content returned from the search index before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 09:29 PM