python
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install the
appwritepackage, which is the official library provided by the vendor for interacting with their platform. - [CREDENTIALS_UNSAFE]: Code examples appropriately use environment variables (
os.environ) to handle sensitive data like theAPPWRITE_API_KEY, avoiding the risk of hardcoded secrets. - [PROMPT_INJECTION]: The skill identifies surfaces for indirect injection where external data is processed in web handlers or serverless functions.
- Ingestion points: Untrusted data enters the agent context via
request.json,request.args, andcontext.req.body_jsonin the SSR and Function examples inSKILL.md. - Boundary markers: None are present in the provided code snippets.
- Capability inventory: The skill enables database writes (
tables_db.create_row), file uploads (storage.create_file), and user management (users.create). - Sanitization: The snippets show basic data handling without explicit sanitization or validation logic.
Audit Metadata