nfr-assess
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's instructions and reference materials show no evidence of malicious intent, data exfiltration, or unauthorized privilege escalation. It functions strictly as an assessment tool.
- [COMMAND_EXECUTION]: The skill uses various command-line utilities (e.g., npm audit, semgrep, artillery, k6) for its assessment phases. These are standard tools for technical evaluation and are consistent with the skill's primary objective.
- [PROMPT_INJECTION]: The skill processes untrusted implementation and task files, creating a surface for indirect prompt injection. This is a functional requirement for the skill's code review capabilities.
  - Ingestion points: Task specification files and project source code implementation records.
  - Boundary markers: None explicitly defined in the assessment instructions to separate data from instructions.
  - Capability inventory: Execution of shell-based assessment tools and local file-system operations (report generation).
  - Sanitization: No explicit sanitization or filtering of the content within processed files is performed.
Audit Metadata