ciphr
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill correctly instructs users to use environment variables (
APIDECK_API_KEY,APIDECK_APP_ID) for sensitive credentials rather than hardcoding them, following established security best practices. - [SAFE]: All external URL references and network operations, including API calls and documentation links, target official vendor domains (
apideck.com,unify.apideck.com) or the primary service provider (ciphr.com). - [SAFE]: The skill processes data from external HRIS systems. While this ingestion represents a theoretical surface for indirect prompt injection if the source system is compromised, the skill's instructions focus on standard API interactions and do not introduce unsafe capabilities or execution patterns.
- [SAFE]: No obfuscation, persistence mechanisms, or unauthorized privilege escalation techniques were detected in the provided skill files.
Audit Metadata