scalekit-code-doctor
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches live SDK reference documentation from official Scalekit GitHub repositories (e.g., github.com/scalekit-inc) and its documentation portal (docs.scalekit.com). These downloads are restricted to well-known vendor resources and are used to ensure code accuracy.
- [SAFE]: The instructions explicitly promote security best practices for developers, such as implementing CSRF validation, using secure cookie attributes (HttpOnly, Secure, SameSite: Lax), and verifying webhook signatures using raw request bodies.
- [SAFE]: The skill correctly advises against hardcoding credentials like client secrets, recommending the use of environment variables instead. No instances of credential harvesting or persistence mechanisms were found.
- [SAFE]: No obfuscation, prompt injection, or suspicious dynamic execution patterns were detected in the skill instructions or reference files.