groq-multi-env-setup

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill follows security best practices for environment-specific configuration management.
  • [COMMAND_EXECUTION]: The skill includes instructions for using cloud-native secret management tools (AWS Secrets Manager, GCP Secret Manager, and HashiCorp Vault) to retrieve API keys. These commands are consistent with the tool permissions defined in the skill metadata and represent a secure way to handle sensitive data without hardcoding it in source files.
  • [SAFE]: The TypeScript configuration loader uses dynamic loading via require(). However, the implementation includes a validation step that checks the environment name against a hardcoded whitelist ('development', 'staging', 'production') before attempting to load the file, effectively preventing path traversal or arbitrary file inclusion.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 12:37 AM