Skills
skills/glitternetwork/pinme/pinme-auth/Gen Agent Trust Hub

pinme-auth

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides documentation and implementation examples for a project's authentication API using the PinMe platform.
  • [SAFE]: Network interactions documented target the platform's service domain (pinme.cloud).
  • [SAFE]: The instructions include security best practices, such as distinguishing between server-side API keys and public client configurations for Firebase.
  • [PROMPT_INJECTION]: The skill documents methods for retrieving user-controlled data (e.g., display names and emails) from the authentication service, which creates an attack surface for indirect prompt injection.
  • Ingestion points: User profile fields such as display_name and email returned by the list_users, getAuthUser, and verify_token API endpoints in SKILL.md.
  • Boundary markers: None identified; the provided code snippets show direct processing of JSON responses without the use of delimiters or isolation instructions.
  • Capability inventory: The documented integration utilizes network capabilities via fetch and potentially interacts with a database (D1Database) as shown in the environment configuration in SKILL.md.
  • Sanitization: No sanitization or validation logic is present in the code examples to filter malicious content within user-supplied profile data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 01:39 PM
Security Audit — agent-trust-hub — pinme-auth