sso-embed
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the Looker Embed SDK and Looker Python SDK. These are official packages provided by Looker (a Google Cloud service) and are hosted on well-known platforms like GitHub and public package registries.
- [COMMAND_EXECUTION]: Includes JavaScript and Python code snippets for initializing the SDK and generating signed URLs. The implementation uses standard cryptographic libraries (hmac, hashlib) and secure random number generation (os.urandom) for nonces.
- [CREDENTIALS_UNSAFE]: The skill correctly instructs users to ensure environment variables are set for sensitive credentials rather than hardcoding them within the code snippets.
- [DATA_EXFILTRATION]: No unauthorized network operations or data transfer patterns were detected. The network calls described (auth endpoints) are necessary components of the SSO architecture.
Audit Metadata