tracekit-alerts
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions directing the agent to automate the authentication flow and avoid redundant manual user prompts. This is a behavioral constraint intended for workflow optimization rather than a bypass of safety filters. Evidence: The 'Auth Bootstrap' section instructs the agent: 'Do not tell the user to go sign up, log in separately, or manually create an API key before setup.'
- [COMMAND_EXECUTION]: The skill utilizes a local vendor script to verify the authentication state and uses standard CLI tools for API interactions. Evidence: References the execution of
./scripts/run-tracekit-auth.sh statusand variouscurlcommands tohttps://app.tracekit.dev/api/v1/alerts. - [CREDENTIALS_UNSAFE]: The skill accesses vendor-specific environment variables and local configuration files for API authentication. No hardcoded secrets were found in the instructions. Evidence: References
TRACEKIT_API_KEY,TRACEKIT_AUTH_TOKEN, and the configuration file~/.tracekitconfig. - [EXTERNAL_DOWNLOADS]: The skill directs the agent to interact with the vendor's official dashboard and API domain for configuration and monitoring tasks. Evidence: Links and API requests are directed to
app.tracekit.dev.
Audit Metadata