airtable
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: Authentication is managed through the
$AIRTABLE_TOKENenvironment variable, preventing sensitive credentials from being hardcoded in the skill files. - [SAFE]: The skill limits its external communication to the official Airtable API domain (
api.airtable.com), which is recognized as a well-known and trusted service. - [COMMAND_EXECUTION]: The skill utilizes standard system utilities including
curlfor network requests andjqfor parsing JSON data. It also usescatto create temporary request payload files in/tmp/. - [SAFE]: The skill exhibits an attack surface for indirect prompt injection (Category 8) because it processes potentially untrusted data from external sources. Ingestion points: Airtable records and comments fetched via API calls in
SKILL.md. Boundary markers: None identified. Capability inventory: Performs network requests and writes to the local filesystem (/tmp/). Sanitization: No explicit sanitization or validation of the ingested data is present.
Audit Metadata