datocms-cma
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill adheres to best practices for DatoCMS project management.
- [EXTERNAL_DOWNLOADS]: Fetches official libraries from the npm registry, including 'datocms', '@datocms/cma-client', and related utilities. These are trusted resources provided by the skill author.
- [COMMAND_EXECUTION]: Utilizes the 'datocms' CLI for project linking, environment management, and script execution, which is the standard and intended usage for this skill.
- [PROMPT_INJECTION]: The skill was evaluated for indirect prompt injection risks. It processes content from DatoCMS records (Ingestion: 'items' resource) and possesses capabilities to modify data and execute CLI commands. While it lacks explicit sanitization for ingested record content, this represents an inherent data-processing surface for content management tools and no malicious exploit patterns are present.
Audit Metadata