{"slug":"toby-bridges-api-relay-audit","name":"API Relay Audit","description":"Local security audit for AI API relays and LLM proxies: detects prompt injection, model substitution, tool-call rewriting, SSE anomalies, error leakage, and Web3 wallet risks.","tagline":"Local security audit for AI API relays and LLM proxies: detects prompt injection, model substitution, tool-call rewriting, SSE anomalies, error leakage, and Web3 wallet risks.","category":"agent-frameworks","tags":["agents","ai-agents","ai-audit","ai-security","anthropic","api-gateway","claude","cli","llm-audit","llm-proxy"],"author":{"name":"toby-bridges","verified":false,"url":"https://github.com/toby-bridges"},"attribution":{"status":"community_indexed","statusLabel":"Community indexed","shortLabel":"COMMUNITY INDEXED","sourceLabel":"GitHub star discovery","sourceDetail":"toby-bridges/api-relay-audit","creatorName":"toby-bridges","creatorUrl":"https://github.com/toby-bridges","sourceUrl":"https://github.com/toby-bridges/api-relay-audit","indexedBy":"OpenAgentSkill community index","claimUrl":"https://www.openagentskill.com/skills/toby-bridges-api-relay-audit#claim-this-skill","claimCta":"Claim this skill","trustNote":"This listing was indexed from public sources and is not marked official until a maintainer claim is approved.","publicNote":"Attribution links to the public repository or creator profile. Creators can claim the listing to update ownership signals."},"stats":{"stars":696,"forks":64,"downloads":0,"rating":0,"review_count":0,"quality_score":53.6},"quality":{"score":86,"tier":"excellent","label":"Excellent","summary":"High-confidence pick with strong adoption and healthy maintenance signals.","signals":[{"label":"GitHub stars","value":"696","tone":"positive"},{"label":"Freshness","value":"4d ago","tone":"positive"},{"label":"Install ready","value":"Yes","tone":"positive"},{"label":"License","value":"AGPL-3.0","tone":"neutral"}],"warnings":[]},"trust":{"version":"trust-score-v3","score":83,"tier":"strong","label":"Strong shortlist","summary":"Good trust signals with a few areas worth checking before rollout.","recommendedAction":"Test in a sandbox workflow and compare its install path with close alternatives.","dimensions":[{"id":"github_adoption","label":"GitHub adoption","score":76,"weight":0.13,"status":"info","detail":"696 GitHub stars"},{"id":"repo_activity","label":"Stars/forks activity","score":71,"weight":0.08,"status":"info","detail":"696 stars, 64 forks; issue activity unavailable in current metadata"},{"id":"maintenance","label":"Recent maintenance","score":100,"weight":0.14,"status":"pass","detail":"4d since push"},{"id":"license","label":"License clarity","score":86,"weight":0.09,"status":"pass","detail":"AGPL-3.0"},{"id":"documentation","label":"README/SKILL.md completeness","score":90,"weight":0.14,"status":"pass","detail":"Metadata includes enough usage and workflow context"},{"id":"dependency_risk","label":"Dependency/runtime risk","score":64,"weight":0.12,"status":"info","detail":"command execution surface, network or browser surface"},{"id":"installability","label":"Install availability","score":92,"weight":0.1,"status":"pass","detail":"npx skills add toby-bridges/api-relay-audit"},{"id":"install_safety","label":"Install command safety","score":92,"weight":0.1,"status":"pass","detail":"standard package or runtime install path"},{"id":"permission_surface","label":"Permission surface","score":62,"weight":0.07,"status":"info","detail":"shell or command execution, network or browser access"},{"id":"repository","label":"Repository evidence","score":86,"weight":0.04,"status":"pass","detail":"https://github.com/toby-bridges/api-relay-audit"},{"id":"review_status","label":"Review status","score":88,"weight":0.05,"status":"pass","detail":"AI review data available"}],"checks":[{"status":"info","label":"GitHub adoption","detail":"696 GitHub stars"},{"status":"info","label":"Stars/forks activity","detail":"696 stars, 64 forks; issue activity unavailable in current metadata"},{"status":"pass","label":"Recent maintenance","detail":"4d since push"},{"status":"pass","label":"License clarity","detail":"AGPL-3.0"},{"status":"pass","label":"README/SKILL.md completeness","detail":"Metadata includes enough usage and workflow context"},{"status":"info","label":"Dependency/runtime risk","detail":"command execution surface, network or browser surface"},{"status":"pass","label":"Install availability","detail":"npx skills add toby-bridges/api-relay-audit"},{"status":"pass","label":"Install command safety","detail":"standard package or runtime install path"},{"status":"info","label":"Permission surface","detail":"shell or command execution, network or browser access"},{"status":"pass","label":"Repository evidence","detail":"https://github.com/toby-bridges/api-relay-audit"},{"status":"pass","label":"Review status","detail":"AI review data available"},{"status":"warn","label":"Ownership","detail":"No approved owner claim yet"},{"status":"info","label":"OpenAgentSkill usage","detail":"No local usage activity yet"}],"strengths":["AI review approved","Install path is available","Repository evidence is available","Recently maintained repository","Meaningful GitHub adoption signal","Install command has no obvious high-risk pattern"],"warnings":["Quality score needs review"],"evidence":{"stars":"696 GitHub stars","repoActivity":"696 stars, 64 forks","lastPushed":"4d since push","license":"AGPL-3.0","repository":"https://github.com/toby-bridges/api-relay-audit","install":"npx skills add toby-bridges/api-relay-audit","installSafety":"standard package or runtime install path","permissionSurface":"shell or command execution, network or browser access","documentation":"Strong README/SKILL.md context"},"installReadiness":{"ready":true,"command":"npx skills add toby-bridges/api-relay-audit","policy":"human_review_before_install","label":"Human review before install","notes":["Install path is available","Repository evidence is available","License is declared","4d since push"]},"agentCompatibility":["Python","AI Agents","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"riskSummary":{"level":"low","label":"Low metadata risk","notes":["Quality score needs review"]}},"safety":{"score":63,"level":"review_before_install","label":"Review before install","safety_tier":{"tier":"reviewed","label":"Reviewed with permission notes","badge":"REVIEWED","summary":"Usable candidate, but the agent should surface permission and audit notes before installation.","recommended_action":"Require human approval before installing into a real workspace.","auto_install_policy":"review","reasons":["High-risk permission hints: Shell or command execution","63/100 agent safety score"]},"auto_install_allowed":false,"human_review_required":true,"blocked":false,"audit_risk":"safe_to_try","permission_hints":[{"id":"shell","label":"Shell or command execution","reason":"Skill metadata references terminal, CLI, shell, subprocess, or command execution workflows.","severity":"high"},{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"}],"policy_warnings":["High-risk permission hints: Shell or command execution","Quality score needs review"],"constraints_applied":{"max_risk":"medium","needs_install_command":true,"min_stars":0}},"safety_gate":{"tier":"reviewed","label":"Reviewed with permission notes","badge":"REVIEWED","auto_install_policy":"review","auto_install_allowed":false,"human_review_required":true,"blocked":false,"recommended_action":"Require human approval before installing into a real workspace.","reasons":["High-risk permission hints: Shell or command execution","63/100 agent safety score"]},"supply_profile":{"track":{"slug":"coding","label":"Coding and developer agents","shortLabel":"Coding","description":"Code review, repo analysis, testing, CI, GitHub, DevOps, and developer workflow skills."},"scenario":{"label":"Coding agents","description":"I need a coding agent that can understand a repository, edit code, and review pull requests.","useCases":[{"slug":"coding-agents","title":"Coding agents"},{"slug":"sports-analytics","title":"Sports analytics"},{"slug":"github-automation","title":"GitHub automation"}]},"applicableAgents":["Claude Code","CLI","Codex","Cursor","Python"],"install":{"ready":true,"command":"npx skills add toby-bridges/api-relay-audit","primaryTarget":"CLI","targetCount":4},"githubQuality":{"stars":696,"starsLabel":"696","forks":64,"license":"AGPL-3.0","qualityScore":86,"trustScore":83,"auditScore":87},"maintenance":{"status":"fresh","label":"4d since push","daysSincePush":4,"lastPushedAt":"2026-06-12T18:23:00+00:00"},"risk":{"level":"safe_to_try","label":"Safe to try","requiresReview":true,"notes":["Quality score needs review"]},"coverageTags":["Coding","Coding agents","agent-frameworks","agents","ai-agents","ai-audit","ai-security","anthropic"]},"audit":{"audit_score":87,"risk_level":"safe_to_try","risk_label":"Safe to try","warnings":["Quality score needs review"]},"decision":{"readiness_score":97,"readiness_label":"Production-ready","headline":"Primary pick for Coding agents","role":"Primary pick","primary_fit":"Coding agents","best_for":["Coding agents workflows","Claude Code teams","teams that value GitHub adoption signals"],"risks":["No OpenAgentSkill engagement data yet"],"next_steps":["Install it in a sandbox agent and run one Coding agents task end to end.","Compare output quality, latency, and failure behavior against at least one alternative.","Promote it into production only after reviewing repository permissions, license, and maintenance signals."]},"platforms":["Python","AI Agents","Claude Code"],"use_cases":[{"slug":"coding-agents","title":"Coding agents","url":"https://www.openagentskill.com/use-cases/coding-agents"},{"slug":"sports-analytics","title":"Sports analytics","url":"https://www.openagentskill.com/use-cases/sports-analytics"},{"slug":"github-automation","title":"GitHub automation","url":"https://www.openagentskill.com/use-cases/github-automation"},{"slug":"security-compliance","title":"Security and compliance","url":"https://www.openagentskill.com/use-cases/security-compliance"}],"install":"npx skills add toby-bridges/api-relay-audit","install_targets":[{"id":"openagentskill-cli","label":"CLI","title":"OpenAgentSkill CLI","kind":"command","value":"npx skills add toby-bridges/api-relay-audit","description":"Use the registry command when your workflow supports the OpenAgentSkill installer.","copyLabel":"Copy command"},{"id":"codex","label":"Codex","title":"Codex install prompt","kind":"agent-prompt","value":"Install the \"API Relay Audit\" agent skill from https://github.com/toby-bridges/api-relay-audit. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Local security audit for AI API relays and LLM proxies: detects prompt injection, model substitution, tool-call rewriting, SSE anomalies, error leakage, and Web3 wallet risks.","description":"Give Codex a repo-aware install prompt when the skill is not available through a local CLI.","copyLabel":"Copy prompt"},{"id":"claude-code","label":"Claude Code","title":"Claude Code skill prompt","kind":"agent-prompt","value":"Add \"API Relay Audit\" as a Claude Code skill from https://github.com/toby-bridges/api-relay-audit. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Local security audit for AI API relays and LLM proxies: detects prompt injection, model substitution, tool-call rewriting, SSE anomalies, error leakage, and Web3 wallet risks.","description":"Use this prompt to ask Claude Code to add the skill and explain the local activation steps.","copyLabel":"Copy prompt"},{"id":"cursor","label":"Cursor","title":"Cursor rule prompt","kind":"agent-prompt","value":"Turn \"API Relay Audit\" from https://github.com/toby-bridges/api-relay-audit into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Local security audit for AI API relays and LLM proxies: detects prompt injection, model substitution, tool-call rewriting, SSE anomalies, error leakage, and Web3 wallet risks.","description":"Use this when installing as Cursor project rules or reusable agent instructions.","copyLabel":"Copy prompt"}],"repository":"https://github.com/toby-bridges/api-relay-audit","github_repo":"toby-bridges/api-relay-audit","version":"1.0.0","license":"AGPL-3.0","updated_at":"2026-06-16T03:03:08.586772+00:00","canonical_key":"toby-bridges/api-relay-audit","recommendation_reasons":["Useful GitHub adoption: 696 stars","Install handoff is available","Repository freshness signal is available"],"urls":{"web":"https://www.openagentskill.com/skills/toby-bridges-api-relay-audit","api":"https://www.openagentskill.com/api/agent/skills/toby-bridges-api-relay-audit","install_api":"https://www.openagentskill.com/api/skills/toby-bridges-api-relay-audit/install","audit":"https://www.openagentskill.com/skills/toby-bridges-api-relay-audit/audit","repository":"https://github.com/toby-bridges/api-relay-audit"},"meta":{"endpoint":"/api/registry/manifest/{slug}","canonical_agent_endpoint":"/api/agent/skills/toby-bridges-api-relay-audit","agent_friendly":true,"api_version":"1.0","generated_at":"2026-06-17T13:16:43.252Z"}}