spicepod-config
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override agent behavior or bypass safety filters. The content is purely instructional for configuration tasks.
- Data Exposure & Exfiltration (SAFE): The skill uses safe placeholders for sensitive information (e.g., `${ env:PG_USER }`, `${ secrets:OPENAI_API_KEY }`) rather than hardcoding credentials. No sensitive file paths or unauthorized network operations were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): While the skill mentions external 'dependencies' for Spicepods, these are standard references within the Spice ecosystem. No remote execution patterns (like piping curl to bash) or suspicious package installations are present.
- Obfuscation (SAFE): No encoded strings, hidden characters, or homoglyphs were found in the file.
- Privilege Escalation (SAFE): No usage of sudo or other administrative elevation commands was found.
- Persistence Mechanisms (SAFE): No attempts to modify system startup scripts or shell profiles were detected.
Audit Metadata