render-skill

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs API requests to the official Render domain (api.render.com). These network operations are standard for the skill's purpose and use the official service provider's infrastructure.\n- [COMMAND_EXECUTION]: The script provides an option to launch an interactive psql shell using os.execvp. This is a safe implementation that replaces the current process with the database client and passes the connection string directly as an argument, bypassing the shell and mitigating injection risks.\n- [CREDENTIALS_UNSAFE]: The skill manages authentication by reading a Render API token from a local configuration file (config.json). This approach is a standard security practice for CLI tools to avoid hardcoding credentials in the source code.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 06:05 PM
Security Audit — agent-trust-hub — render-skill