Skills
skills/adrianmg/league-sdk/league-sdk/Gen Agent Trust Hub

league-sdk

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill utilizes the league-sdk package and npx league-sdk-assets from the npm registry, which are unverifiable external dependencies for this skill.
  • REMOTE_CODE_EXECUTION (LOW): The npx league-sdk-assets command downloads and executes code from the npm registry at runtime.
  • Indirect Prompt Injection (LOW): The skill processes untrusted data from the Riot Games API. Ingestion points: getByRiotId, getMatches, getLiveGame. Boundary markers: Absent. Capability inventory: Network access (Riot API), console output. Sanitization: None observed in the provided code snippets.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:22 PM