acerta
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructions for an AI agent to use the Acerta HRIS connector via Apideck's unified API infrastructure. Analysis of the skill's code and documentation shows no malicious patterns.
- [EXTERNAL_DOWNLOADS]: The skill references the
@apideck/unifyNode.js package and OpenAPI specifications hosted onspecs.apideck.com. These are official resources provided by the vendor (Apideck). - [CREDENTIALS_UNSAFE]: No hardcoded credentials were detected. The skill correctly instructs the user to provide API keys and application IDs via environment variables (
process.env.APIDECK_API_KEY,process.env.APIDECK_APP_ID). - [DATA_EXFILTRATION]: Network operations are restricted to Apideck's official API endpoints (
unify.apideck.com) for the purpose of resource management and coverage verification. There is no evidence of unauthorized data transmission. - [INDIRECT_PROMPT_INJECTION]: As a data connector, the skill facilitates the ingestion of HRIS data (employees, payroll, time-off) from Acerta into the agent's context. While this represents an ingestion surface for untrusted data, it is the primary intended function of the skill and does not involve unsafe interpolation or execution of that data.
Audit Metadata