optimizely
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides educational content and code templates for Optimizely CMS without any executable malicious logic. All instructions follow standard development practices for the framework.\n- [EXTERNAL_DOWNLOADS]: References to external resources, such as NuGet packages (Optimizely.CMS.*) and API endpoints (optimizely.com), are directed to well-known and trusted official services.\n- [CREDENTIALS_UNSAFE]: The API reference includes documentation for authentication (OAuth2 and API keys) using only placeholders like {client_id} and {client_secret}. No real credentials or secrets are hardcoded.\n- [PROMPT_INJECTION]: The skill provides code templates that render HTML from external data sources (e.g., using dangerouslySetInnerHTML). This is a standard architectural pattern for CMS headless frontends and is documented for educational purposes rather than representing a vulnerability in the skill's own execution.
Audit Metadata