typeform
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `curl` to interact with the Typeform API. All requests are directed to official Typeform domains, which are well-known services.
- [EXTERNAL_DOWNLOADS]: The skill includes instructions to download files uploaded by users to Typeform using `curl`. While these files are saved to a temporary directory (/tmp/typeform_upload), the skill does not instruct the agent to execute them. The automated scanner's alert regarding remote code execution appears to be a false positive as no execution step is present.
- [CREDENTIALS_UNSAFE]: The skill manages authentication using a `TYPEFORM_TOKEN` environment variable. It correctly instructs users on the required format and usage via Bearer tokens in headers without hardcoding any secrets.
Audit Metadata