spanora-setup
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill reads from and writes to the .env file to manage the SPANORA_API_KEY. Accessing .env files is risky as they often contain sensitive secrets such as AWS credentials or database passwords that are exposed to the agent during this process. Evidence: SKILL.md Step 2 instructions for API key management. \n- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill triggers the installation of the @spanora/sdk and several OpenTelemetry packages. These are external third-party dependencies from public registries that are not included in the trusted source list. Evidence: SKILL.md Step 6 and references/langchain-python.md installation steps. \n- [COMMAND_EXECUTION] (LOW): The skill executes shell commands using various package managers (npm, pnpm, yarn, bun, pip, uv, poetry) to install software. Evidence: SKILL.md Step 6 package manager logic. \n- [Indirect Prompt Injection] (LOW): The skill reads untrusted data from local project configuration files to determine logic flow, creating a potential surface for indirect injection if these files are attacker-controlled. \n
- Ingestion points: SKILL.md (reads .env, package.json, pyproject.toml, requirements.txt, setup.py). \n
- Boundary markers: Absent. \n
- Capability inventory: SKILL.md (shell command execution for installations). \n
- Sanitization: Absent.
Audit Metadata