Skills
skills/steedos/steedos-platform/steedos-object-buttons/Gen Agent Trust Hub

steedos-object-buttons

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides documentation and examples for creating custom action buttons using YAML and the Amis JSON framework. The instructions and code samples follow legitimate platform development practices.
  • [COMMAND_EXECUTION]: The skill describes the use of JavaScript snippets within the amis_schema field (e.g., in requestAdaptor, adaptor, and visibleOn properties). These are documented features of the Amis framework used by the Steedos platform for data mapping and conditional UI logic, not arbitrary system command execution.
  • [EXTERNAL_DOWNLOADS]: The examples include AJAX network requests to relative API endpoints (e.g., /api/v6/functions/...). These are internal platform calls required for the buttons' functionality and do not point to untrusted external sources.
  • [DATA_EXFILTRATION]: While the skill demonstrates how to pass record IDs and form data to API endpoints, this is the intended purpose of the buttons. The data remains within the vendor's platform environment as defined by the relative URL paths.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 05:46 AM
Security Audit — agent-trust-hub — steedos-object-buttons