upstash-qstash-js

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to install the official Upstash QStash SDK (@upstash/qstash) and the common dotenv utility from the standard NPM registry, which are expected and safe dependencies for this functionality.\n- [COMMAND_EXECUTION]: The skill includes a local utility script verify-multi-region-setup.ts designed to validate environment variables. This script is intended for developer use and safely masks sensitive values before outputting them to the console, performing no network operations.\n- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill correctly implements security measures such as HMAC signature verification for incoming messages and recommends the use of environment variables for managing credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 05:34 PM
Security Audit — agent-trust-hub — upstash-qstash-js