superplane-canvas-builder
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for using the
superplaneCLI to manage workflows, including canvas creation, updates, and integration discovery. This is standard functionality for the intended automation platform. - [REMOTE_CODE_EXECUTION]: Provides documentation and templates for the Daytona integration, which is designed to execute arbitrary shell commands and code (Python, TypeScript, JavaScript) within isolated sandbox environments. These are managed, isolated environments intended for automation.
- [COMMAND_EXECUTION]: Documents a built-in SSH component capable of executing remote commands on specified hosts using user-provided credentials.
- [EXTERNAL_DOWNLOADS]: Directs users to
docs.superplane.comfor CLI installation and additional documentation resources. It explicitly warns against automatic installation of the CLI, requiring manual user intervention. - [DATA_EXFILTRATION]: Documents an HTTP request component and the use of environment variables to inject secrets (e.g.,
GITHUB_TOKEN,OPENAI_API_KEY) into execution nodes. This is a standard feature for automation workflows and follows vendor-provided secret management practices.
Audit Metadata