novita-ai
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill correctly targets official vendor domains (api.novita.ai) and handles authentication via environment variables ($NOVITA_API_KEY).
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes content generated by external AI models.
  - (1) Ingestion points: The agent receives data from LLM completions, image descriptions, and speech-to-text transcriptions (file: SKILL.md, references/llm-api.md, references/audio-api.md).
  - (2) Boundary markers: Absent from the prompt instructions.
  - (3) Capability inventory: The skill has access to shell tools (curl) and local script execution environments (python, node) as restricted in the allowed-tools metadata (file: SKILL.md).
  - (4) Sanitization: No explicit sanitization of API-returned text is performed.
- [EXTERNAL_DOWNLOADS]: The skill fetches assets and data from the official novita.ai domain. These are trusted vendor resources essential for the skill's primary function.