vss-query-analytics

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill correctly manages sensitive credentials, such as NGC_CLI_API_KEY and NVIDIA_API_KEY, by advising their use via environment variables rather than hardcoding them.
  • [SAFE]: It contains a dedicated 'Scope guard' section that explicitly warns the agent about the risks of indirect prompt injection. It instructs the agent to treat analytics and alert payloads as untrusted input and strictly prohibits performing infrastructure changes (like auto-deployments) based on the content of these payloads.
  • [SAFE]: The shell-based interactions using curl, jq, and docker are legitimate operational commands intended for interacting with a specific microservice architecture (VA-MCP) at a user-defined or local host IP address.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 09:11 PM
Security Audit — agent-trust-hub — vss-query-analytics