sanity-gsc
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the @pagebridge/sanity-plugin and other dependencies from the PageBridge-IO organization. These are unverifiable packages from a source not listed in the trusted external sources, presenting a potential supply-chain risk.
- CREDENTIALS_UNSAFE (SAFE): The skill handles sensitive Google Service Account and Sanity credentials. It adheres to security best practices by using environment variable placeholders and a .env configuration pattern rather than hardcoding secrets.
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted data from GSC and Sanity APIs. (1) Ingestion points: Performance metrics and document content entering via GSC and Sanity. (2) Boundary markers: Absent in instructions. (3) Capability inventory: Network API communication, local database writes, and CMS writes. (4) Sanitization: No explicit validation or sanitization of external data is described in the documentation.
- COMMAND_EXECUTION (SAFE): Standard CLI operations (pnpm sync, pnpm list-sites) are used as the primary interface. No malicious or obfuscated command patterns were detected.
Audit Metadata