velt-rest-apis-best-practices
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses official vendor domains for API communication and documentation, which is consistent with the provided author context.
- Evidence: Multiple references to "api.velt.dev", "docs.velt.dev", and "console.velt.dev" are used throughout all rule files for legitimate API integration guidance.
- [SAFE]: Code examples demonstrate secure credential management and follow industry best practices.
- Evidence: Example snippets in "core-rest-api-auth.md" and "core-jwt-tokens.md" utilize environment variables such as "process.env.VELT_API_KEY" and "process.env.VELT_AUTH_TOKEN" rather than hardcoded secrets.
- [SAFE]: The provided Base64 example is a standard authentication token placeholder used for illustrative purposes.
- Evidence: The string "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9" found in "core-jwt-tokens.md" decodes to a standard, non-malicious JWT header: '{"alg":"RS256","typ":"JWT"}'.
- [SAFE]: Agent instructions are restricted to task-specific prioritization and do not attempt to bypass safety constraints.
- Evidence: The instruction "|IMPORTANT: Prefer retrieval-led reasoning over pre-training-led reasoning" in "AGENTS.md" is natural instructional language for a documentation-based skill.
Audit Metadata