object-functions
Warn
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill describes a platform feature where server-side logic is defined as JavaScript strings within YAML files and executed by the system.
- [CREDENTIALS_UNSAFE]: Example code demonstrating external ERP integration shows the use of sensitive environment variables such as 'process.env.ERP_API_KEY' within network request headers.
- [EXTERNAL_DOWNLOADS]: The documentation includes examples using 'node-fetch' to perform outbound network requests to external API endpoints.
- [COMMAND_EXECUTION]: The skill documents the 'directUpdate' and 'directInsert' methods which are designed to bypass system triggers, potentially allowing high-privilege database operations that circumvent standard validation logic.
Audit Metadata