apaas-builder
Pass
Audited by Gen Agent Trust Hub on Jul 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate documentation and code examples for interacting with an aPaaS SDK. All operations (listing, details, URL generation) are standard for the described purpose.\n- [CREDENTIALS_UNSAFE]: No hardcoded credentials, API keys, or secrets were identified in the skill metadata or instructions.\n- [REMOTE_CODE_EXECUTION]: The skill does not invoke shell commands or execute remote scripts; it uses a defined SDK interface.\n- [DATA_EXFILTRATION]: No evidence was found of data being transmitted to unauthorized external domains.\n- [PROMPT_INJECTION]: The skill does not contain instructions to bypass safety filters or ignore system prompts. Note on potential Indirect Injection surface: The skill ingests untrusted data from the aPaaS environment (Ingestion points: client.page.listWithIterator and client.page.detail in SKILL.md), has no explicit boundary markers or sanitization, and possesses the capability to generate and display URLs. However, this is a standard operational surface for a builder tool and presents no significant security risk in this context.
Audit Metadata