add-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- NO_CODE (SAFE): The skill files consist entirely of Markdown documentation and do not include any executable scripts or binary files.
- PROMPT_INJECTION (LOW): The 'Config Check Pattern' defines an Indirect Prompt Injection surface where an AI agent responds to instructions (the 'ai_action' field) provided in a script's JSON output. * Ingestion points: JSON output from the check_{service}_config.py script described in integration-architecture.md. * Boundary markers: Absent; the architectural documentation does not specify the use of delimiters or 'ignore' instructions for the tool output. * Capability inventory: The agent is designed to collect sensitive credentials (API keys) or execute setup wizards based on the script's guidance. * Sanitization: No sanitization or validation logic for the script's output is mentioned in the pattern description.
Audit Metadata