vibe-prospecting
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Authentication and Credential Management
- The skill utilizes the official Explorium OAuth2 device authorization flow and API key authentication.
- Credentials (API keys and access tokens) are stored locally in the user's home directory (
~/.agentsource/config.json) with restrictive file system permissions (0600), ensuring they are only accessible by the owner. - [SAFE]: Network Security
- All network communications are directed exclusively to verified and expected domains:
api.explorium.aiandexplorium.auth0.com. - The CLI tool uses the Python standard library's
urllibfor requests, avoiding risks associated with external dependency vulnerabilities. - [SAFE]: Data Privacy and Context Protection
- The skill implements a robust privacy model by writing large API responses to local temporary files (
/tmp/agentsource_*.json). This prevents sensitive data or large payloads from entering the AI's conversation context, which protects both privacy and context window limits. - [SAFE]: Software Integrity
- The installation script (
setup.sh) and core logic (agentsource.py) do not download external code or scripts at runtime. - The skill is implemented using pure Python (standard library only), which eliminates supply chain risks associated with third-party packages.
- [SAFE]: Indirect Prompt Injection Mitigation
- The skill includes specific instructions to the agent to only ingest metadata and small samples from user-provided CSV files, reducing the surface area for potential indirect prompt injection attacks from untrusted data sources.
Audit Metadata