portaly-email
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were identified across the skill's instructions or reference documents.
- [CREDENTIALS_UNSAFE]: The skill correctly handles authentication by identifying the need for API keys (
pcs_live_*,pcs_test_*) and explicitly instructing users to store them in.envfiles rather than providing them in chat, which is a standard security best practice. - [DATA_EXFILTRATION]: Network operations are restricted to the vendor's official domain (
portaly.ai). There are no patterns suggesting the exfiltration of sensitive local files or environment variables to unauthorized third parties. - [EXTERNAL_DOWNLOADS]: References to external tools are limited to the vendor's own ecosystem, such as the
portaly-userskill from theportaly-aiorganization. No unvetted or suspicious third-party dependencies are introduced. - [COMMAND_EXECUTION]: Shell command examples (e.g.,
curl) are used for legitimate API interactions. The skill does not instruct the agent to execute arbitrary or dangerous commands on the host system. - [PROMPT_INJECTION]: The instructions are focused on operational workflows and do not contain phrases designed to bypass safety filters, extract system prompts, or override the agent's core behavioral constraints.
Audit Metadata