spree-api-v3

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill fetches documentation and OpenAPI specifications from spreecommerce.org, which is the official domain for the Spree Commerce project. This follows the standard practice of retrieving live specifications for API development.
  • Ingestion points: WebFetch calls to spreecommerce.org (SKILL.md)
  • Boundary markers: None
  • Capability inventory: Bash, Write, Edit, Grep, Glob (SKILL.md)
  • Sanitization: None (Agent processes fetched text as technical documentation)
  • [SAFE]: Authentication implementation guidance uses placeholders (e.g., <jwt>, <api_key>, <uuid>) and correctly identifies security best practices, such as recommending the use of httpOnly cookies for sensitive tokens and warning against storing secret keys in browser-accessible code.
  • [COMMAND_EXECUTION]: Provides a command to generate a TypeScript client using the well-known @openapitools/openapi-generator-cli package via npx. This is a standard developer workflow and utilizes a tool from a recognized organization.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 12:43 PM
Security Audit — agent-trust-hub — spree-api-v3