subconscious-dev
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The documentation correctly identifies best practices for handling sensitive information. API keys are represented by placeholders (e.g., 'YOUR_API_KEY') or references to environment variables (e.g., 'process.env.SUBCONSCIOUS_API_KEY'), which prevents accidental exposure.
- [Remote Code Execution] (SAFE): The skill describes a 'Function Tools' mechanism where the platform executes HTTP requests to user-defined URLs. While this involves outbound network activity, it is a documented core feature of the platform for tool integration and does not constitute an unauthorized RCE vulnerability within the skill itself.
- [Prompt Injection] (SAFE): The provided files are reference documents and do not contain executable prompts or instructions intended to override AI safety guardrails or system instructions.
- [Command Execution] (SAFE): Shell examples provided are standard
curlcommands for API interaction and do not include malicious payloads or unauthorized system access patterns.
Audit Metadata