k-schoollunch-menu
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with an external API hosted at
https://k-skill-proxy.nomadamas.org(or a user-defined base URL) to retrieve school information and meal data. This domain is owned by the skill's author, NomaDamas. - [COMMAND_EXECUTION]: The skill uses the
curlutility to perform HTTP GET requests. It correctly uses the--data-urlencodeflag to ensure that user-provided input (school names, education offices) is safely handled, preventing command or URL injection. - [DATA_EXFILTRATION]: No sensitive local information, such as credentials or environment variables, is accessed or transmitted. The skill only sends user-inputted search criteria (school name, date) to the functional proxy server as intended.
- [CREDENTIALS_UNSAFE]: The skill does not contain hardcoded secrets. It explicitly states that authentication keys are maintained on the proxy server rather than within the agent environment, which is a recommended security practice.
Audit Metadata