bootstrapping-agent

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes instructions to install the airbyte-agent-sdk package via uv pip install. This is the standard installation method for the vendor's official library.
  • [CREDENTIALS_UNSAFE]: The code samples correctly demonstrate the use of os.getenv() to load sensitive credentials like AIRBYTE_CLIENT_ID and AIRBYTE_CLIENT_SECRET from the environment, and the documentation explicitly advises using a .env file template rather than hardcoding credentials.
  • [DATA_EXPOSURE]: The skill identifies and handles sensitive data appropriately, emphasizing a 'hosted mode' that uses managed authentication instead of local authentication code.
  • [INDIRECT_PROMPT_INJECTION]: The stripe_execute tool provides an interface that processes user-supplied parameters (entity, action, params) for API execution. While this creates an attack surface for indirect injection if external data is passed through these tools, the skill provides a standard implementation pattern consistent with its purpose of bootstrapping connector tools.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 06:49 PM