taruvi-functions

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill consistently enforces security best practices by requiring the use of the sdk_client.secrets.get() method for secret management and explicitly forbidding hardcoded credentials in the function code.
  • [SAFE]: External network interactions demonstrated in scenarios target legitimate and expected endpoints for the skill's context, such as Slack webhooks and OpenAI's API, which align with the described functionality of building backend logic.
  • [SAFE]: The Python environment described includes a well-defined set of standard and reputable libraries (e.g., pandas, boto3, openai) suitable for serverless business logic, with no suspicious or unverified dependencies identified.
  • [SAFE]: While the skill teaches handling external data via webhook receivers, it includes explicit instructions to validate all input parameters before performing side effects, demonstrating a proactive approach to mitigating injection risks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 06:53 PM