apollo-security-basics
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Full Analysis
- [CREDENTIALS_UNSAFE] (SAFE): The skill provides defensive guidance against hardcoding API keys. It uses explicit "BAD" and "GOOD" code examples to teach proper environment variable usage. Placeholder keys like 'sk_live_abc123...' are benign examples.
- [COMMAND_EXECUTION] (LOW): The skill requests Bash(curl:*) permissions in its frontmatter. While no malicious commands are defined in the skill, this is a broad permission set for a primarily informational skill. The documentation includes common bash examples for environment variable management.
- [REMOTE_CODE_EXECUTION] (SAFE): No patterns for downloading or executing remote code or scripts were detected. Code snippets use standard libraries (axios, pino).
- [DATA_EXFILTRATION] (SAFE): No code exists to transmit sensitive data to external domains. The logic provided actually focuses on redacting PII (Personally Identifiable Information) before it reaches logs.
- [PROMPT_INJECTION] (SAFE): No instructions attempt to override agent behavior or bypass safety guardrails. The content is purely instructional.
Recommendations
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata