Skills
skills/stahura/domo-ai-vibe-rules/jsapi-filters/Gen Agent Trust Hub

jsapi-filters

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides documentation for the Domo JS API integration using MessagePort and JSON-RPC 2.0.
  • [SAFE]: No hardcoded credentials, sensitive file access, or unauthorized network operations were identified.
  • [SAFE]: The skill includes explicit security warnings correctly identifying client-side filters as UX features rather than security boundaries.
  • [SAFE]: Category 8 Analysis: The skill processes data from external iframes via MessagePort. 1. Ingestion points: Data enters via window.onmessage and port.onmessage in SKILL.md. 2. Boundary markers: Communication is structured using the JSON-RPC 2.0 protocol. 3. Capability inventory: Capabilities are limited to postMessage calls and DOM manipulation for iframe resizing. 4. Sanitization: The skill handles data as structured RPC objects, though adding origin validation to the message listener is recommended for implementation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 08:38 PM
Security Audit — agent-trust-hub — jsapi-filters