pinme-api
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides code snippets demonstrating how to perform network operations using the fetch API to interact with PinMe's internal endpoints for email and LLM services.
- [CREDENTIALS_UNSAFE]: Guidelines describe using an environment variable API_KEY for service authentication. No hardcoded credentials or secrets are present in the documentation.
- [DATA_EXFILTRATION]: Communication is directed to pinme.cloud, which is the official platform domain associated with the skill's functionality.
- [PROMPT_INJECTION]: The example code for LLM integration ingests user-supplied text from request bodies, creating a surface for indirect prompt injection where malicious input could influence model behavior.
  - Ingestion points: handleChat and handleChatStream functions in SKILL.md read user input from the request body.
  - Boundary markers: Not utilized in example code; user input is directly mapped to message content.
  - Capability inventory: The code examples demonstrate network access to LLM APIs via fetch.
  - Sanitization: No sanitization or filtering logic is included in the implementation examples.
Audit Metadata