flexport-core-workflow-a
Facilitates shipment booking and purchase order management through the Flexport API, streamlining logistics operations.
Install this skill
Security score
The flexport-core-workflow-a skill was audited on May 17, 2026 and we found 24 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 42 | 'Authorization': `Bearer ${process.env.FLEXPORT_API_KEY}`, |
Template literal with variable interpolation in command context
| 48 | const po = await fetch(`${BASE}/purchase_orders`, { |
Template literal with variable interpolation in command context
| 65 | console.log(`PO created: ${po.data.id}`); |
Template literal with variable interpolation in command context
| 72 | const booking = await fetch(`${BASE}/bookings`, { |
Template literal with variable interpolation in command context
| 87 | console.log(`Booking: ${booking.data.id} | Status: ${booking.data.status}`); |
Template literal with variable interpolation in command context
| 96 | `${BASE}/shipments/${booking.data.shipment_id}`, { headers } |
Template literal with variable interpolation in command context
| 99 | console.log(`Shipment ${shipment.data.id}:`); |
Template literal with variable interpolation in command context
| 100 | console.log(` Status: ${shipment.data.status}`); |
Template literal with variable interpolation in command context
| 101 | console.log(` ETD: ${shipment.data.estimated_departure_date}`); |
Template literal with variable interpolation in command context
| 102 | console.log(` ETA: ${shipment.data.estimated_arrival_date}`); |
Template literal with variable interpolation in command context
| 103 | console.log(` Legs: ${shipment.data.legs?.length ?? 0}`); |
Template literal with variable interpolation in command context
| 111 | `${BASE}/shipments/${shipment.data.id}/documents`, { headers } |
Template literal with variable interpolation in command context
| 115 | console.log(`${doc.document_type}: ${doc.file_name} (${doc.url})`); |
Template literal with variable interpolation in command context
| 134 | `${BASE}/purchase_orders?status=open&per=25&page=1`, { headers } |
Template literal with variable interpolation in command context
| 138 | console.log(`${po.name} | ${po.status} | Ready: ${po.cargo_ready_date}`); |
Template literal with variable interpolation in command context
| 145 | await fetch(`${BASE}/purchase_orders/${poId}`, { |
Webhook reference - potential data exfiltration
| 126 | | `404 shipment not found` | Booking not yet confirmed | Wait for booking confirmation webhook | |
Access to .env file
| 42 | 'Authorization': `Bearer ${process.env.FLEXPORT_API_KEY}`, |
External URL reference
| 27 | The primary Flexport integration path: create purchase orders, book shipments, and track cargo through the supply chain. The API v2 uses RESTful endpoints at `https://api.flexport.com` with JSON paylo |
External URL reference
| 40 | const BASE = 'https://api.flexport.com'; |
External URL reference
| 156 | - [Booking API Tutorial](https://developers.flexport.com/tutorials/booking/) |
External URL reference
| 157 | - [Purchase Order API Tutorial](https://developers.flexport.com/tutorials/purchase-order-api-tutorial/) |
External URL reference
| 158 | - [Shipment API Tutorial](https://developers.flexport.com/tutorials/shipment-api-tutorial/) |
External URL reference
| 159 | - [API Reference](https://apidocs.flexport.com/) |