Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/attio-hello-world/Gen Agent Trust Hub

attio-hello-world

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were detected. The skill provides legitimate documentation and code examples for the Attio API.
  • [DATA_EXFILTRATION]: The skill performs network requests to https://api.attio.com. Attio is a well-known CRM service, and the use of the API is consistent with the skill's stated purpose. Credentials are managed via an environment variable (ATTIO_API_KEY), which is a standard security practice.
  • [INDIRECT_PROMPT_INJECTION]: The skill identifies surfaces where external data is ingested into the agent context.
  • Ingestion points: API responses from https://api.attio.com/v2/objects and https://api.attio.com/v2/objects/people/attributes in SKILL.md.
  • Boundary markers: None present in the instructional examples.
  • Capability inventory: The skill utilizes curl for network operations and provides logic for record creation and modification via TypeScript snippets.
  • Sanitization: No explicit sanitization of the structured JSON data from the API is shown in these introductory examples.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 11:45 PM
Security Audit — agent-trust-hub — attio-hello-world