pier-cloud

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Detailed analysis of the 16 provided files revealed no security vulnerabilities, malicious code, or deceptive instructions. The skill's behavior aligns perfectly with its stated purpose of providing an API client for Pier Cloud.
  • [CREDENTIALS_UNSAFE]: The skill implements a secure approach to credential management by instructing users to store sensitive API keys in a .env file rather than hardcoding them. The scripts use the python-dotenv library to load these variables at runtime, which is a standard industry practice for local development tools.
  • [EXTERNAL_DOWNLOADS]: The project specifies two external dependencies, requests and python-dotenv. Both are established, widely-used libraries in the Python ecosystem. No suspicious remote script execution or binary downloads were found.
  • [DATA_EXFILTRATION]: While the scripts read credentials and transmit data over the network, all communication is directed to the official Pier Cloud API domain (api.piercloud.io). This network activity is necessary for the skill's functionality and does not constitute unauthorized data exfiltration.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from the Pier Cloud API (e.g., workspace names, cost records) to display it to the user. While there are no specific boundary markers for this data in the prompts, the structured nature of the JSON responses and the intended FinOps context present a negligible risk of indirect prompt injection.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 06:21 AM
Security Audit — agent-trust-hub — pier-cloud