speak-security-basics
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate security instructions for API integration, emphasizing the use of environment variables,
.gitignore, and secrets managers (e.g., AWS Secrets Manager) for handling credentials. - [SAFE]: Code examples demonstrate industry-standard security practices, such as HMAC-SHA256 signature verification for webhooks, timing-safe comparisons, and AES-256-GCM encryption for data at rest.
- [SAFE]: Network operations are restricted to health checks against the official Speak API domain (
api.speak.com), which is consistent with the skill's stated purpose. - [SAFE]: Data handling instructions promote privacy by recommending the redaction of PII, enforcing data retention policies, and providing mechanisms for user data export and deletion.
Audit Metadata