spice-models
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill uses safe secret placeholders like `${ secrets:OPENAI_API_KEY }` instead of hardcoding credentials. No sensitive file paths or unauthorized network operations were detected.
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were found.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not install external packages or execute remote scripts. The provided `curl` example is a standard API query template targeting a local endpoint.
- [Indirect Prompt Injection] (SAFE): While the skill facilitates the configuration of system prompts, it is a static documentation resource and does not ingest untrusted external data within the context of the skill itself.
Audit Metadata