Skills
skills/stahura/domo-ai-vibe-rules/json-no-code-connector/Gen Agent Trust Hub

json-no-code-connector

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes instructions to use curl for fetching API data and python3 -m json.tool for formatting the output. This is a standard developer workflow for inspecting JSON structures and does not execute the remote content as a script.
  • [DATA_EXFILTRATION]: The skill is designed to facilitate the transfer of data from external REST APIs into Domo. It correctly utilizes placeholders for sensitive credentials, such as {devToken} and your-api-key-here, adhering to security best practices by avoiding hardcoded secrets.
  • [REMOTE_CODE_EXECUTION]: The automated scan flagged a potential remote code execution via a pipe to python3. However, technical analysis confirms this usage is specifically restricted to the safe json.tool standard library module for pretty-printing data, posing no threat of arbitrary code execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 05:19 AM