apollo-prod-checklist
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's behavior is entirely consistent with its stated purpose of providing a production deployment checklist for Apollo.io. No malicious patterns or security vulnerabilities were detected.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform health checks and API validation via `curl`. It targets the official Apollo.io API (api.apollo.io) and a user-defined `$PROD_URL`. These operations are standard for deployment verification and do not involve executing remote scripts or untrusted code.
- [CREDENTIALS_UNSAFE]: The skill handles the `APOLLO_API_KEY` environment variable. It performs basic validation by printing the key's length and its first eight characters. While revealing parts of a secret is generally a security risk, in the context of a developer-run production checklist, it serves as a legitimate configuration verification step. The skill also includes a `curl` command that passes the API key as a query parameter; while using headers is a preferred security practice, this is a common implementation for simple health check endpoints.
- [DATA_EXFILTRATION]: Network operations are restricted to the official Apollo.io API and the production URL specified by the user in the environment. No data is sent to unknown or unauthorized third-party domains.
Audit Metadata