vibe-prospecting

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Authentication and Credential Management
  • The skill utilizes the official Explorium OAuth2 device authorization flow and API key authentication.
  • Credentials (API keys and access tokens) are stored locally in the user's home directory (~/.agentsource/config.json) with restrictive file system permissions (0600), ensuring they are only accessible by the owner.
  • [SAFE]: Network Security
  • All network communications are directed exclusively to verified and expected domains: api.explorium.ai and explorium.auth0.com.
  • The CLI tool uses the Python standard library's urllib for requests, avoiding risks associated with external dependency vulnerabilities.
  • [SAFE]: Data Privacy and Context Protection
  • The skill implements a robust privacy model by writing large API responses to local temporary files (/tmp/agentsource_*.json). This prevents sensitive data or large payloads from entering the AI's conversation context, which protects both privacy and context window limits.
  • [SAFE]: Software Integrity
  • The installation script (setup.sh) and core logic (agentsource.py) do not download external code or scripts at runtime.
  • The skill is implemented using pure Python (standard library only), which eliminates supply chain risks associated with third-party packages.
  • [SAFE]: Indirect Prompt Injection Mitigation
  • The skill includes specific instructions to the agent to only ingest metadata and small samples from user-provided CSV files, reducing the surface area for potential indirect prompt injection attacks from untrusted data sources.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 07:55 AM
Security Audit — agent-trust-hub — vibe-prospecting