pachca-messages
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: All network communication is restricted to the official Pachca API at
api.pachca.com. This is consistent with the skill's purpose and is performed using standardcurlcommands. - [SAFE]: The skill does not contain hardcoded credentials. It explicitly instructs the agent to request an access token from the user if one is not already provided in the context.
- [SAFE]: The file upload process implements a secure two-step mechanism. It first retrieves upload parameters and a pre-signed
direct_urlfrom the Pachca API before performing the actual file transfer, which is a standard security pattern for cloud storage. - [SAFE]: Although the skill processes untrusted data when reading message history, this is an inherent feature of a messaging integration. The risk is minimized as the agent's capabilities are focused on API interactions within the Pachca ecosystem.
Audit Metadata