project-manager
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: All network requests are directed to the vendor's official API domain (gapapi.karmahq.xyz). The use of the `KARMA_API_KEY` is restricted to authorized authentication for project management tasks.
- [SAFE]: The skill implements a secure credential handling pattern by delegating API key configuration to a separate 'setup-agent' skill, ensuring it does not handle registration or storage of secrets directly.
- [COMMAND_EXECUTION]: Uses standard system utilities including `curl` for API communication and `uuidgen` for request tracking. These are utilized safely within the context of the skill's primary function.
- [SAFE]: The skill manages potential indirect prompt injection risks by providing explicit instructions to ignore the text content of API responses for decision-making, using retrieved data only for structural identifiers like UIDs.
Audit Metadata