skills/appwrite/claude-plugin/python/Gen Agent Trust Hub

python

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs users to install the appwrite package, which is the official library provided by the vendor for interacting with their platform.
  • [CREDENTIALS_UNSAFE]: Code examples appropriately use environment variables (os.environ) to handle sensitive data like the APPWRITE_API_KEY, avoiding the risk of hardcoded secrets.
  • [PROMPT_INJECTION]: The skill identifies surfaces for indirect injection where external data is processed in web handlers or serverless functions.
  • Ingestion points: Untrusted data enters the agent context via request.json, request.args, and context.req.body_json in the SSR and Function examples in SKILL.md.
  • Boundary markers: None are present in the provided code snippets.
  • Capability inventory: The skill enables database writes (tables_db.create_row), file uploads (storage.create_file), and user management (users.create).
  • Sanitization: The snippets show basic data handling without explicit sanitization or validation logic.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 12:00 PM
Security Audit — agent-trust-hub — python