otel-expo-style
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE CREDENTIALS_UNSAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the user to hardcode an API ingestion key directly in the source code.
- Evidence: `const SUPERLOG_KEY = "superlog_live_…";` in SKILL.md.
- The documentation suggests that inlining the key is the "right default" for Expo builds to avoid complexity with build-time environment variables. While the key is intended to be write-only, hardcoding credentials in source files is a security risk and complicates secret rotation.
- Mitigation: Use environment variables (such as `EXPO_PUBLIC_*` in Expo) or a secure secret management system to handle API keys and sensitive configuration.
Audit Metadata