Skills
skills/scalekit-inc/skills/modular-sso/Gen Agent Trust Hub

modular-sso

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing official SDKs from NPM (@scalekit-sdk/node), PyPI (scalekit-sdk-python), and GitHub (github.com/scalekit-inc/scalekit-sdk-go). These are vendor-owned resources and are considered safe.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes untrusted data from identity provider (IdP) initiated logins and authentication callbacks.
  • Ingestion points: The skill parses data from req.query (e.g., idp_initiated_login, code) in the /login and /auth/callback endpoints.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the processing logic.
  • Capability inventory: The skill performs network redirects and calls into authentication SDKs based on the input data.
  • Sanitization: Although the skill correctly recommends token validation (e.g., scalekit.validateToken), there is no evidence of sanitization for the raw query parameters before they are used to influence the application flow.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 04:54 AM