skyeline-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious code patterns, obfuscation, or unauthorized access attempts were detected. The skill correctly demonstrates using process environment variables for sensitive API keys.
- [DATA_EXFILTRATION]: The skill performs network operations specifically targeting the official api.skyeline.dev domain, which is the expected behavior for the service being integrated.
- [PROMPT_INJECTION]: The skill facilitates prompt template management and variable interpolation, creating an indirect prompt injection surface (Category 8). 1. Ingestion points: app.prompts.populatePrompt in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Network requests to the Skyeline API. 4. Sanitization: Absent. These features are fundamental to the SDK's purpose and are not associated with dangerous local execution capabilities.
Audit Metadata