sinch-conversation-api
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides utility scripts and extensive documentation for the Sinch Conversation API, focusing on standard messaging operations like SMS, WhatsApp, and RCS.
- [SAFE]: All included scripts rely on Node.js built-in modules ("https", "crypto", "readline", "querystring") and do not download or execute external dependencies at runtime.
- [SAFE]: Security instructions in "SKILL.md" explicitly warn the agent to treat inbound content (e.g., from "MESSAGE_INBOUND" webhooks) as untrusted, recommending sanitization and validation before processing.
- [SAFE]: Credential management is handled securely via environment variables ("SINCH_PROJECT_ID", "SINCH_KEY_ID", "SINCH_KEY_SECRET"), with instructions provided to avoid hardcoding secrets.
- [SAFE]: The testing utility "test_webhook_triggers.cjs" uses hardcoded example payloads and does not access or exfiltrate local sensitive data.
Audit Metadata