trigger-dev
Enables the creation of reliable background jobs in serverless environments, handling long-running tasks and asynchronous processing.
Install this skill
or
67/100
Security score
The trigger-dev skill was audited on Mar 7, 2026 and we found 9 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 80
Template literal with variable interpolation in command context
SourceSKILL.md
| 80 | uploadToS3(`thumbs/${payload.userId}/thumb.webp`, thumbnail), |
medium line 81
Template literal with variable interpolation in command context
SourceSKILL.md
| 81 | uploadToS3(`images/${payload.userId}/medium.webp`, medium), |
medium line 82
Template literal with variable interpolation in command context
SourceSKILL.md
| 82 | uploadToS3(`images/${payload.userId}/large.webp`, large), |
medium line 182
Template literal with variable interpolation in command context
SourceSKILL.md
| 182 | console.log(`Processed ${processed}/${records.length}`) |
medium line 208
Template literal with variable interpolation in command context
SourceSKILL.md
| 208 | 'Authorization': `Bearer ${process.env.OPENAI_API_KEY}`, |
low line 205
Fetch to external URL
SourceSKILL.md
| 205 | const response = await fetch('https://api.openai.com/v1/embeddings', { |
medium line 5
Webhook reference - potential data exfiltration
SourceSKILL.md
| 5 | long-running tasks in the background, process webhooks reliably, build async |
low line 208
Access to .env file
SourceSKILL.md
| 208 | 'Authorization': `Bearer ${process.env.OPENAI_API_KEY}`, |
low line 205
External URL reference
SourceSKILL.md
| 205 | const response = await fetch('https://api.openai.com/v1/embeddings', { |
Scanned on Mar 7, 2026
View Security Dashboard