customerio-upgrade-migration

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the '@customerio/track' and 'customerio' packages from official registries (NPM and PyPI). These are well-known packages provided by the service the skill is designed to manage.
  • [COMMAND_EXECUTION]: The implementation guide includes bash scripts for assessing the local environment (e.g., 'npm list', 'pip show') and verifying migration status. These are standard diagnostic commands.
  • [CREDENTIALS_UNSAFE]: The skill demonstrates the correct use of environment variables ('CUSTOMERIO_SITE_ID' and 'CUSTOMERIO_API_KEY') for handling sensitive API credentials, avoiding hardcoded secrets.
  • [INDIRECT_PROMPT_INJECTION]: The skill reads local project configuration files (e.g., package.json) to identify current SDK versions. This ingestion of local data is necessary for its stated purpose and does not involve processing untrusted external content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 11:32 AM