coda-ai
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
coda-aibinary to interact with the Coda.io API. These commands are restricted to document retrieval and authentication management (docs, pages, read, auth, whoami, logout). - [CREDENTIALS_UNSAFE]: The skill requires a
CODA_API_TOKEN. It provides clear instructions for secure storage at~/.coda-ai/config.jsonwith restricted file permissions (0600) and includes a logout command to remove stored credentials. - [EXTERNAL_DOWNLOADS]: The skill installs the
coda-aipackage from the official NPM registry, which is a standard and expected practice for Node.js-based tools. - [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were detected. Network activity is limited to communication with the Coda.io API via the documented CLI tool.
Audit Metadata