automation-pilot-content-management-via-api

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl and jq to facilitate communication with the SAP Automation Pilot Content API. These operations are restricted to the skill's defined purpose of managing automation resources such as catalogs, commands, and webhooks.
  • [EXTERNAL_DOWNLOADS]: Network operations are directed solely toward official SAP domains (e.g., *.autopilot.cloud.sap). There is no evidence of the skill downloading or executing code from untrusted third-party sources.
  • [CREDENTIALS_UNSAFE]: Authentication is handled via environment variables (AUTOPI_USERNAME and AUTOPI_PASSWORD), which is the recommended method for secure credential handling in this context. Example data provided in the documentation uses obvious mock values (e.g., 'secret123') for illustrative purposes only.
  • [PROMPT_INJECTION]: The skill contains internal safety instructions, such as guidelines to avoid automatic release of commands and requiring explicit user consent for sensitive actions. These function as operational guardrails rather than malicious injection patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 10:44 AM
Security Audit — agent-trust-hub — automation-pilot-content-management-via-api