cap-de-edit-embed
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate documentation and code samples for integrating with the Domo Business Intelligence platform. It does not contain any executable code or instructions that bypass security controls.
- [SAFE]: Code examples in TypeScript and Python demonstrate standard authentication patterns using well-known libraries like
jsonwebtokenandPyJWT. The implementation correctly includes security features such as short-lived expiration (exp) and unique token identifiers (jti) to prevent replay attacks. - [SAFE]: The documentation includes explicit security warnings, such as the instruction to never expose the
JWT_SECRETclient-side and to manage it using environment variables or a secrets manager. - [SAFE]: No evidence of prompt injection, data exfiltration, or obfuscation was found. The network operations described (constructing URLs for Domo's Identity Broker) are consistent with the skill's stated purpose.
Audit Metadata