a6-plugin-cors
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of technical documentation and usage examples for configuring Cross-Origin Resource Sharing (CORS) in Apache APISIX.
- [COMMAND_EXECUTION]: The skill provides examples of using the
a6CLI to create and update routes. These examples use local JSON payloads via HEREDOC and do not involve remote code execution or suspicious subprocess calls. - [PROMPT_INJECTION]: No evidence of prompt injection, role-play instructions, or attempts to override system guidelines was found in the text or metadata.
- [DATA_EXPOSURE]: There are no hardcoded credentials, API keys, or access to sensitive local file paths. The documentation correctly identifies and warns against the security risks of using
**(force-allow all) in CORS configurations.
Audit Metadata