aiconfig-tools
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill provides curl command templates in SKILL.md and references/api-quickstart.md to interact with app.launchdarkly.com. These commands are standard for the skill's operational purpose and target a trusted service provider.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys or secrets were found. The skill correctly directs the agent to look for credentials in environment variables like LAUNCHDARKLY_API_KEY, which is a standard and secure practice for local agent tools.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill manages tool schemas which could theoretically contain malicious instructions. Evidence chain: 1. Ingestion points: JSON body of tool creation requests in references/api-quickstart.md; 2. Boundary markers: The skill uses structured JSON schemas; 3. Capability inventory: Network access via curl; 4. Sanitization: Relies on the structured nature of the API request. Severity is LOW as this is a standard capability surface.
Audit Metadata