skills/jeremylongshore/claude-code-plugins-plus-skills/documenso-core-workflow-b/Gen Agent Trust Hub
documenso-core-workflow-b
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Integrates with official libraries from the Documenso organization, specifically
@documenso/sdk-typescriptand@documenso/embed-react, to manage document signing workflows. - [DATA_EXFILTRATION]: Accesses local PDF files via the Node.js
fsmodule and transmits document metadata and recipient information to the Documenso API, which is the intended behavior for the service. - [CREDENTIALS_UNSAFE]: Adheres to secure practices by retrieving API authentication tokens from environment variables (
process.env.DOCUMENSO_API_KEY) rather than using hardcoded values. - [PROMPT_INJECTION]: The skill processes external data including file paths, recipient names, and email addresses.
- Ingestion points: File paths (
pdfPath) and recipient metadata provided in workflow inputs. - Boundary markers: None present.
- Capability inventory: File read/write access via platform tools and Node.js built-ins; network access via the Documenso SDK.
- Sanitization: Standard API client implementation without explicit input validation, typical for developer-focused integration guides.
Audit Metadata