sinch-in-app-calling
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate documentation and helper scripts for integrating Sinch's voice and video calling features. All analyzed code assets (Java, Swift, and JavaScript) perform standard JWT generation and cryptographic operations required by the SDK.
- [EXTERNAL_DOWNLOADS]: The documentation references official Sinch domains (
sinch.com,developers.sinch.com,download.sinch.com) and the official Sinch GitHub repository (github.com/sinch/rtc-reference-applications). These are well-known resources provided by the vendor for SDK consumption and documentation. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by using placeholders (e.g.,
YOUR_APPLICATION_SECRET) and providing explicit, repeated warnings to developers against embedding secrets in production client-side code, advising backend token generation instead.
Audit Metadata