model-list
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to query a model proxy API. A thorough analysis of the instructions and the TypeScript execution script revealed no indicators of prompt injection, obfuscation, or unauthorized access to system resources.
- [DATA_EXFILTRATION]: The script performs network requests to 'https://new.fortao.cn' to retrieve model definitions. This behavior is restricted to the skill's stated purpose and does not involve the exfiltration of sensitive local data or credentials.
- [CREDENTIALS_UNSAFE]: The skill implements secure credential management by reading the API key from the 'TINY_LLM_PROXY_KEY' environment variable, rather than requiring hardcoded secrets.
Audit Metadata