skills/jeremylongshore/claude-code-plugins-plus-skills/customerio-known-pitfalls/Gen Agent Trust Hub
customerio-known-pitfalls
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a set of guidelines and utility scripts for improving integration quality and security. No malicious behavior or patterns were found.
- [CREDENTIALS_UNSAFE]: The skill provides automated checks to detect hardcoded site IDs and API keys in source files, recommending the use of environment variables as a more secure alternative.
- [COMMAND_EXECUTION]: Uses
curlto query the Customer.io API for activity logs and attribute verification. These operations target the official API of a well-known service and align with the skill's diagnostic purpose. - [PROMPT_INJECTION]: The skill includes logic to scan local source code files (scripts/audit-integration.ts), which constitutes an ingestion point for untrusted data. However, the analysis is restricted to pattern matching (regex) and does not interpret or execute the code content, minimizing the risk of indirect prompt injection.
Audit Metadata