line-platform
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill references the official LINE SDK via CDN (static.line-scdn.net) and npm (@line/liff). While these domains are not on the developer-defined global trusted list, they are the official vendor sources for the LINE Platform and are considered trustworthy for the skill's specific purpose.
- DATA_EXFILTRATION (SAFE): No unauthorized data access or exfiltration patterns were found. Documentation correctly highlights that credentials like the 'Channel Secret' and 'Access Token' must be stored securely as environment variables and never committed to code.
- COMMAND_EXECUTION (SAFE): The provided Python script (scripts/flex_builder.py) is used for generating static JSON structures. It does not use dangerous functions such as eval, exec, or subprocess.
- PROMPT_INJECTION (SAFE): The skill contains no instructions designed to override the agent's behavior or safety constraints. All instructions are focused on development workflows.
- INDIRECT PROMPT INJECTION (SAFE): The skill describes a vulnerability surface for receiving user messages (Messaging API webhooks). However, it provides standard developer documentation rather than an exploitable implementation. No unsafe interpolation of untrusted data was found in the provided template scripts.
Audit Metadata