resemble-detect
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Authentication is handled via the RESEMBLE_API_KEY environment variable, following standard security practices for managing sensitive credentials without hardcoding them.
- [SAFE]: Network traffic is restricted to the legitimate Resemble AI API domain (app.resemble.ai). No unauthorized or suspicious remote connections were identified.
- [SAFE]: The skill processes external media via URLs and includes explicit instructions (the IRON LAW) requiring the agent to use only the API's validated results. This serves as a safeguard against potential indirect prompt injection from malicious content in analyzed media.
- [SAFE]: The skill documentation explicitly discourages the use of local file paths, preventing accidental exposure or exfiltration of local system data to the external API.
- [SAFE]: No evidence of obfuscation, malicious command execution, privilege escalation, or persistence mechanisms was found across any of the analyzed files.
Audit Metadata