autosave
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates a strong security posture by centralizing all API interactions within a dedicated script (
scripts/api.cjs) and implementing an output sanitization mechanism (scripts/sanitize.cjs) to redact authentication tokens from logs and agent responses. - [CREDENTIALS_UNSAFE]: The skill correctly handles sensitive authentication material by using environment variables (
AUTO_SAVE_TOKEN) and includes explicit instructions for users to avoid hardcoding or committing secrets to version control. No hardcoded credentials were found. - [COMMAND_EXECUTION]: Interaction with the local environment is restricted to the execution of Node.js scripts specifically designed for the service's API. The skill does not perform arbitrary system commands or unauthorized file modifications.
- [DATA_EXFILTRATION]: Network communication is limited to the service's base URL as configured by the user. The skill implements proactive measures to ensure that sensitive data like authentication tokens are not leaked during these operations.
Audit Metadata