rxnorm-codes

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's logic and instructions do not contain any malicious patterns or safety guideline bypass attempts.
  • [EXTERNAL_DOWNLOADS]: The skill integrates with the '@sequoiaport/codes' package and makes API calls to 'api.sequoiacodes.com'. These are verified vendor-owned resources that align with the skill's intended functionality.
  • [CREDENTIALS_UNSAFE]: Authentication is handled correctly via the 'SEQUOIA_CODES_API_KEY' environment variable; no hardcoded API keys or secrets were found.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection (Category 8) by processing data from the RxNorm API.
      1. Ingestion points: 'SKILL.md' (drug lookup and ingredient retrieval operations).
      2. Boundary markers: Absent.
      3. Capability inventory: Network requests to vendor API and structured data retrieval.
      4. Sanitization: Not explicitly defined in the provided snippets.
    This risk is assessed as safe because the data source is a trusted vendor API returning structured drug information.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 12:26 AM