oauth-callback-handler
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
NO_CODE
Full Analysis
- No Code (SAFE): The skill consists entirely of markdown documentation and YAML metadata. There are no scripts, executables, or configuration files present that could perform malicious actions.
- Indirect Prompt Injection (LOW): The skill defines an ingestion point for user requests related to OAuth callbacks. It possesses high-privilege capabilities such as `Bash` and `Write`. Although it lacks specific boundary markers or sanitization logic for processing untrusted OAuth data, the instructions focus on providing guidance and generating code rather than autonomously executing logic on external payloads.
- Tool Permission Review (INFO): The skill specifies `Bash`, `Write`, and `Edit` as allowed tools. While powerful, there is no evidence of these tools being used for persistence, exfiltration, or unauthorized system modification within the skill's instructions.
Audit Metadata