zapis-appointment-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (LOW): The .env.example files contain hardcoded values for ZAPIS_API_KEY and client secrets. While these are necessary for the web service's public API, they should ideally be provided by the user.
- [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes the Playwright library and downloads browser binaries. These downloads are from trusted Microsoft repositories.
- [PROMPT_INJECTION] (LOW): The skill ingests untrusted data from Zapis.kz salon profiles and API responses, which could contain indirect prompt injections.
  1. Ingestion points: zapis.kz salon pages.
  2. Boundary markers: Absent.
  3. Capability inventory: Command execution via subprocess for API and Playwright scripts.
  4. Sanitization: Deterministic processing in slots_normalize.py.
- [COMMAND_EXECUTION] (SAFE): The skill executes local Python and shell scripts to interact with the appointment service, which is appropriate for its stated purpose.
Audit Metadata