oauth2-flow-helper
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [SAFE] (SAFE): No executable code or scripts were detected in the skill file. The skill consists exclusively of markdown documentation and metadata configuration.
- [COMMAND_EXECUTION] (LOW): The metadata specifies Bash(npm:*) in the allowed-tools section. This grants the agent permission to execute npm-related shell commands. However, no malicious instructions or automated script executions are present in the skill body.
- [PROMPT_INJECTION] (LOW): The skill processes user-supplied security patterns, presenting an indirect injection surface (Category 8). (1) Ingestion points: User prompts for OAuth2 help; (2) Boundary markers: None; (3) Capabilities: Bash, Write, Grep; (4) Sanitization: None. The risk is assessed as low because no automated processing of external untrusted sources is defined.