detour-onboarding
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates the setup of the Detour SDK. All external references, such as GitHub links and package installations (npm, Maven, CocoaPods, pub.dev), point to official repositories within the 'software-mansion-labs' organization, aligning with standard vendor resource patterns.
- [SAFE]: The instructions promote secure credential handling by advising users to store API keys and App IDs in environment variables or git-ignored files like '.env' and 'local.properties' rather than hardcoding them in the application source code.
- [SAFE]: Commands provided for development tasks, such as using the Android Debug Bridge (adb) to verify App Links on Android 12+, are standard industry practices and do not involve unauthorized privilege escalation or dangerous execution patterns.
- [SAFE]: Although the skill includes instructions to fetch live README files from GitHub to ensure documentation is up-to-date, the source is restricted to the vendor's official public repositories, posing no significant risk of indirect prompt injection or malicious code execution.
Audit Metadata