security-compliance-compliance-check

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided business information and application requirements to generate tailored compliance reports and templates, creating a surface for indirect prompt injection.
      • Ingestion points: Business context and application requirements enter the agent context through the $ARGUMENTS variable in SKILL.md.
      • Boundary markers: Absent; the instructions do not specify delimiters or instructions to ignore commands embedded within the user-provided data.
      • Capability inventory: No subprocess calls, exec/eval, file-write, or network operations were detected in SKILL.md or resources/implementation-playbook.md.
      • Sanitization: Absent; no input validation or sanitization of the provided business information is performed before processing.
  • [DYNAMIC_EXECUTION]: The skill provides Python code snippets and YAML configuration templates. This is classified as low risk as it involves simple script generation from known templates for the user's manual implementation rather than execution by the agent.
  • [EXTERNAL_DOWNLOADS]: The implementation playbook includes documentation for GitHub Actions workflows referencing standard actions such as actions/checkout. These references target well-known and trusted services for documentation purposes and do not represent a security risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 11:41 AM