bloque-sdk-ts
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate documentation for the Bloque SDK. All external resources, including the @bloque/* package scope and example URLs, align with the vendor's identity.
- [PROMPT_INJECTION]: The skill documents an indirect prompt injection surface associated with processing external financial data but provides robust mitigation guidelines.
- Ingestion points: Webhook payloads (references/webhooks.md) and transaction movement metadata (references/transfers.md).
- Boundary markers: Explicit 'Security Boundaries' are defined in SKILL.md and 'Trust Boundary' warnings are included in references/webhooks.md.
- Capability inventory: Capabilities are limited to financial API calls through the SDK; no dangerous system commands or dynamic evaluations are documented.
- Sanitization: The documentation includes an explicit example of a sanitization function (sanitizeMovementMetadata in references/accounts.md) to handle external merchant data safely.
Audit Metadata