paxs-api
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses a standard OAuth2 authorization code flow with an agent polling mechanism. This is a secure method for third-party authentication that avoids direct handling of user credentials.
- [SAFE]: Authentication tokens are stored in a dedicated local file (
.tokens.json) within the skill's directory. This is a documented and acceptable practice for maintaining session state across interactions in agent environments. - [SAFE]: All external communications are directed to the vendor's official domain (
dzd.paxs.ai), which is consistent with the skill's purpose and the developer's identity. - [SAFE]: The skill includes explicit instructions for the agent to filter API responses and hide internal metadata or sensitive fields from the user, which is a security best practice to prevent information leakage.
- [SAFE]: The skill processes transcription data as part of its core functionality. While this presents a standard surface for indirect prompt injection, it is intrinsic to the primary purpose of the tool and no specific bypasses or malicious instructions were found.
Audit Metadata