spree-api-v3
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill fetches documentation and OpenAPI specifications from
spreecommerce.org, which is the official domain for the Spree Commerce project. This follows the standard practice of retrieving live specifications for API development. - Ingestion points: WebFetch calls to
spreecommerce.org(SKILL.md) - Boundary markers: None
- Capability inventory: Bash, Write, Edit, Grep, Glob (SKILL.md)
- Sanitization: None (Agent processes fetched text as technical documentation)
- [SAFE]: Authentication implementation guidance uses placeholders (e.g.,
<jwt>,<api_key>,<uuid>) and correctly identifies security best practices, such as recommending the use of httpOnly cookies for sensitive tokens and warning against storing secret keys in browser-accessible code. - [COMMAND_EXECUTION]: Provides a command to generate a TypeScript client using the well-known
@openapitools/openapi-generator-clipackage vianpx. This is a standard developer workflow and utilizes a tool from a recognized organization.
Audit Metadata