integration-logos
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior or bypass safety guidelines were found.
- [Data Exposure & Exfiltration] (SAFE): The skill follows security best practices by using placeholders like 'YOUR_PICA_SECRET_KEY' and environment variables for API authentication. Network requests are limited to the service's own API and asset domains (picaos.com).
- [Indirect Prompt Injection] (SAFE): The skill involves fetching integration metadata (names, descriptions) from an external API. Evidence Chain: 1. Ingestion points: api.picaos.com/v1/available-connectors. 2. Boundary markers: Not applicable for the provided code snippets. 3. Capability inventory: The skill snippets are for rendering logos and metadata in a UI. 4. Sanitization: No explicit sanitization in snippets, but the severity is SAFE as this reflects the core intended purpose of the skill.
- [Remote Code Execution] (SAFE): The skill contains no scripts, binaries, or package installation commands. The provided code is for documentation and developer reference.
Audit Metadata