Skills
skills/revenuecat/ai-toolkit/integrate-revenuecat/Gen Agent Trust Hub

integrate-revenuecat

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides installation instructions for RevenueCat SDKs using official GitHub repositories and standard package registries (NPM, MavenCentral, CocoaPods, Pub.dev).
  • [SAFE]: The instructions explicitly warn against including secret API keys in client-side code, directing users to use public SDK keys instead (e.g., keys prefixed with appl_ or goog_).
  • [SAFE]: The skill recommends industry-standard secret management practices, such as using environment variables or platform-specific configuration files (.env, xcconfig, local.properties) to keep keys out of source control.
  • [SAFE]: The skill performs project introspection by reading local configuration files (e.g., Info.plist, AndroidManifest.xml, package.json) to automatically detect the development platform and app identifiers, which is the expected and intended behavior for a developer integration tool.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 07:46 PM