inspect-calls-and-metrics
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides code examples that execute a local web server (FastAPI or Express) using the
phone.serve()method to host a monitoring dashboard. - [DATA_EXFILTRATION]: The server configuration includes a
tunnel=Trueparameter, which utilizes an external service to expose the local dashboard to the internet. As the dashboard contains call transcripts (PII), this feature represents a significant data exposure risk if the recommended authentication (bearer tokens) is not implemented. The author provides clear security warnings regarding this behavior. - [CREDENTIALS_UNSAFE]: The documentation includes a placeholder authentication token (
hunter2-rotate-me) in code examples for the dashboard security feature. - [SAFE]: The
getpatterlibrary and documentation links are resources provided by the verified author of the skill.
Audit Metadata