etsy
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides integration instructions and configuration examples for the Etsy connector. It adheres to security best practices by instructing users to manage sensitive credentials like
APIDECK_API_KEYandAPIDECK_APP_IDvia environment variables rather than hardcoding them. - [EXTERNAL_DOWNLOADS]: The skill references resources from the vendor's official domains (
apideck.com,specs.apideck.com) and well-known service providers (etsy.com,developers.etsy.com). These references are informative and used for technical documentation purposes. - [PROMPT_INJECTION]: The skill's primary function is to process data from an external service (Etsy), which creates a surface for indirect prompt injection if the retrieved content contains instructions. This is a characteristic of data-processing skills and is noted as a risk factor.
- Ingestion points: Data retrieved from Etsy API (orders, products, customers, stores).
- Boundary markers: No explicit instruction delimiters or 'ignore embedded instructions' warnings are present in the documentation.
- Capability inventory: The skill facilitates read and write operations on Etsy resources through the Apideck API.
- Sanitization: No data sanitization or validation logic is specified in the instruction set for processing external responses.
Audit Metadata