gtm-fix-guide
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill's primary function is to read local test results and generate a human-readable guide.\n- [SAFE]: The skill follows the principle of least privilege by explicitly stating it does not make API calls or modify live GTM configurations. All operations are confined to the local project root.\n- [SAFE]: Data Ingestion Surface Analysis (Category 8): The skill processes external data from
gtm-test-results.jsonandgtm-context.md. While this is an ingestion point, the risk is negligible because the agent uses the data solely for reporting and classification. \n - Ingestion points:
gtm-test-results.json(Phase 1) andgtm-context.md(Phase 0). \n - Boundary markers: None present in the instructions. \n
- Capability inventory: File system read/write access to the project root. No network or subprocess capabilities. \n
- Sanitization: The skill performs pattern matching on error strings but does not include explicit output escaping. The lack of dangerous capabilities (network, execution) renders this surface safe.
Audit Metadata