raycast-extensions

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides instructional material and reference documentation for developing Raycast extensions, following standard industry practices and the official guidelines for the platform.
  • [CREDENTIALS_UNSAFE]: A hardcoded dummy API key (dict_live_sk_8f3a9b2c1d4e5f6a7b8c9d0e) is present in evals/fixtures/dictionary-flawed/src/search.tsx. However, this is part of a test fixture explicitly designed to evaluate the skill's ability to detect insecure coding practices and is not a functional credential for the skill itself.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface as it is designed to review and process external code files (e.g., in the review-flawed-extension task).
  • Ingestion points: The skill reads contents from package.json and src/*.tsx files provided by the user for review.
  • Boundary markers: No explicit delimiters or warnings to ignore embedded instructions are provided when the agent interpolates file content into its reasoning process.
  • Capability inventory: The skill provides instructions for generating code, suggesting shell commands (npm/ray), and performing network requests via hooks.
  • Sanitization: No sanitization or validation of the provided code content is mentioned before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 04:40 PM
Security Audit — agent-trust-hub — raycast-extensions