honcho-integration
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate integration logic for the Honcho memory service. It uses standard tools (Grep, Glob) for codebase analysis and official package managers for dependency installation.
- [CREDENTIALS_UNSAFE]: The skill implements secure credential handling by using environment variables (
HONCHO_API_KEY) and explicitly instructing users against hardcoding secrets. - [EXTERNAL_DOWNLOADS]: Dependencies are fetched from official registries (PyPI, NPM) using trusted tools like
uvandbun. The skill references official documentation and repositories from the vendor. - [DATA_EXFILTRATION]: Network activity is restricted to the Honcho API service for the purpose of synchronizing conversation data as intended by the skill's functionality.
- [PROMPT_INJECTION]: The skill ingests historical chat data and memory files for migration purposes. It employs XML tags as boundary markers to help the AI distinguish this content from active instructions, following safety best practices for handling untrusted data.
Audit Metadata