line
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates communication with the official LINE Messaging API via
https://api.line.me. All network requests are directed to this legitimate service domain for bot management and messaging. - [COMMAND_EXECUTION]: Uses
curlandjqfor API interaction. The commands are structured to usebash -cto ensure environment variables likeLINE_TOKENare correctly passed within the execution context, which is a standard operational practice for shell-based agent skills. - [CREDENTIALS_UNSAFE]: Authentication is managed via the
LINE_TOKENenvironment variable, which is properly declared in thevm0_secretsmetadata. There are no hardcoded secrets or credentials present in the skill's instructions or code snippets. - [DATA_EXFILTRATION]: No unauthorized data transmission was identified. The skill only sends data provided by the user or agent to the official LINE API as required for the messaging functionality.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external identifiers like
USER_IDandREPLY_TOKEN. While these are ingestion points for untrusted data, the usage is consistent with the primary purpose of the skill, and commands are structured with quoting to mitigate basic shell injection risks.
Audit Metadata