shengwang-integration
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves documentation indices and markdown content from official vendor domains (
shengwang.cn,agora.io). These resources are used solely to provide accurate and up-to-date integration guidance for the requested services. - [COMMAND_EXECUTION]: Includes local bash scripts (
fetch-docs.sh,fetch-doc-content.sh) designed to automate documentation retrieval. These scripts use standardcurlcommands to interact with the vendor's official documentation APIs. - [CREDENTIALS_UNSAFE]: Provides thorough guidance on managing sensitive authentication details like
AGORA_APP_CERTIFICATEandAGORA_CUSTOMER_SECRET. The skill correctly mandates the use of environment variables and explicitly warns against hardcoding secrets or committing them to version control. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting remote documentation. However, as the source is restricted to the official vendor documentation and is central to the skill's primary function of providing integration support, this is classified as an acceptable functional risk.
Audit Metadata