pikastream
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts with the Pika Developer API via standard network requests to the
pika.artdomain, consistent with its stated purpose and vendor identity. - [SAFE]: Authentication is securely handled using environment variables (
PIKA_TOKEN), avoiding the risk of hardcoded credentials. - [SAFE]: No obfuscation, remote code execution, or persistence mechanisms were detected in the instructions or command templates.
- [SAFE]: Usage of local temporary files (
/tmp/pika_topup.json) is limited to preparing request payloads for top-up operations and does not pose a privilege escalation or data leakage risk. - [SAFE]: While the skill processes user-supplied meeting URLs and prompts, it does not use them in a way that risks the integrity of the local execution environment.
Audit Metadata