pachca-chats
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash curl tool to interact with official API endpoints at api.pachca.com. This is consistent with the skill's purpose and uses the vendor's infrastructure.
- [EXTERNAL_DOWNLOADS]: It includes a workflow for exporting chat history that involves downloading generated archives from the vendor's official domain.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The skill uses placeholders like <ACCESS_TOKEN> and $TOKEN and explicitly instructs the agent to ask the user for a token before proceeding.
- [PROMPT_INJECTION]: Although the skill ingests chat data which constitutes an indirect prompt injection surface, it does not contain any instructions that attempt to bypass safety guidelines or override system behavior.
Audit Metadata