Skills
skills/pjt222/development-guides/configure-api-gateway/Gen Agent Trust Hub

configure-api-gateway

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: Multiple hardcoded credentials and secrets are present in the documentation and example files.
  • Evidence: POSTGRES_PASSWORD: "strongpassword123" in references/EXAMPLES.md (Kong deployment).
  • Evidence: Hardcoded API keys (mobile-secret-key-123, web-secret-key-456) and JWT secrets (mobile-jwt-secret-super-secure) in references/EXAMPLES.md (Kong auth config).
  • Evidence: Hardcoded password hashes in traefik-auth-middleware.yaml.
  • [COMMAND_EXECUTION]: The skill uses administrative privileges to install external tooling.
  • Evidence: Execution of sudo mv deck /usr/local/bin/ during the installation of the decK CLI in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: Fetches the decK management tool binary from Kong's official GitHub release page.
  • Evidence: https://github.com/Kong/deck/releases/download/v1.28.0/deck_1.28.0_linux_amd64.tar.gz in SKILL.md.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 27, 2026, 10:51 PM