documenso-debug-bundle
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Bash capabilities to execute diagnostic scripts and API tests via Node.js and curl. This is restricted to the local environment and the official Documenso API, aligned with the stated purpose of troubleshooting integrations.
- [EXTERNAL_DOWNLOADS]: The diagnostic scripts depend on the official
@documenso/sdk-typescriptand theexpressweb framework. These are well-known, reputable packages used for their intended functionalities. - [DATA_EXFILTRATION]: Scripts access the
DOCUMENSO_API_KEYto verify connectivity. The diagnostic output includes only the prefix of the key for verification, and no evidence of unauthorized data transmission was found. - [PROMPT_INJECTION]: No patterns associated with prompt injection, safety bypass, or instruction overriding were detected in the skill's files.
- [CREDENTIALS_UNSAFE]: The skill does not contain hardcoded credentials and correctly encourages the use of environment variables for managing API keys and webhook secrets.
Audit Metadata