trigger-config-writer
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides structured guidance and templates for managing configuration-as-code within the es-triggers ecosystem. All script examples provided are functional snippets for the platform and use placeholder domains for external service calls.
- [DATA_EXPOSURE]: The skill and its associated documentation do not contain hardcoded credentials, secrets, or paths to sensitive local system files. Example configurations use non-existent domains like 'example.com' for API endpoints.
- [INDIRECT_PROMPT_INJECTION]: The skill defines a system that processes untrusted external data (HTTP webhooks). While this represents a potential attack surface, it is the primary and intended purpose of the es-triggers platform.
  - Ingestion points: `headers`, `body`, and `query` variables in `binding.md` and `source-interceptor.md`.
  - Boundary markers: The skill does not explicitly provide instructions for boundary marking, but the system's design separates variables from templates.
  - Capability inventory: The platform supports network operations via the `api()` function and state management via `redis`.
  - Sanitization: Instructions focus on logic and transformation; sanitization of external input is left to the user's implementation.
- [REMOTE_CODE_EXECUTION]: While the skill facilitates the creation of executable JavaScript for the es-triggers platform, it does not use dangerous patterns such as 'curl | bash' or 'eval' of untrusted remote content. All script generation is based on the platform's specific API surface.
Audit Metadata