skills/jeremylongshore/claude-code-plugins-plus-skills/customerio-local-dev-loop/Gen Agent Trust Hub
customerio-local-dev-loop
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill provides structured guidance and boilerplate code for configuring a local integration workflow.
- [CREDENTIALS_SAFE]: The implementation guide correctly instructs users to manage secrets using environment variables in
.envfiles and uses non-functional placeholder values (dev-api-key) in examples, preventing accidental credential exposure. - [COMMAND_EXECUTION]: The skill configuration uses a restrictive
allowed-toolspolicy that limits shell access to package managers (npm,pip). The provided shell scripts are standard development tasks for running tests and local scripts. - [DATA_EXPOSURE]: The provided TypeScript wrapper includes a dry-run mode and automated event prefixing (
dev_) to ensure development data remains isolated from production data and to prevent accidental side effects during testing.
Audit Metadata