contentstack-utils
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security threats detected. The skill provides architectural and usage guidelines for the Contentstack Python CDA SDK.
- [DATA_EXPOSURE]: The documentation identifies parameters for authentication (API keys, delivery tokens, environment) as part of the SDK's initialization process. No hardcoded credentials, sensitive file access, or unsafe data exposure patterns were found.
- [EXTERNAL_DOWNLOADS]: The listed dependencies (requests, urllib3, python-dateutil) are reputable, well-known libraries within the Python ecosystem. No suspicious or unverified third-party packages are used.
- [COMMAND_EXECUTION]: The skill does not contain instructions for executing shell commands, spawning subprocesses, or acquiring elevated privileges.
- [PROMPT_INJECTION]: No patterns were found that attempt to override the agent's behavior, bypass safety guidelines, or extract system prompts.
- [INDIRECT_PROMPT_INJECTION]: The skill describes a surface for processing external data from the Contentstack API. While this is an ingestion point, it is the intended functionality of the SDK integration.
- Ingestion points: Data fetched from Contentstack via entries, assets, and queries.
- Boundary markers: None explicitly mentioned in the instructions.
- Capability inventory: Network communication via requests.Session in https_connection.py.
- Sanitization: Not explicitly documented in the skill; expected to be managed by the SDK's internal logic or the agent's response handling.
Audit Metadata