advisor-triggers
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No patterns detected that attempt to bypass safety filters or extract system instructions. The skill is focused on detecting specific architectural keywords.
- [Data Exposure & Exfiltration] (SAFE): The skill does not contain hardcoded credentials or network-capable commands (like curl or fetch). It uses localized read-only tools (Read, Grep, Glob).
- [Remote Code Execution] (SAFE): No external script downloads or package manager commands (npm, pip) were found. The code logic provided is for descriptive/documentation purposes within the markdown.
- [Obfuscation] (SAFE): All text is human-readable with no Base64, zero-width characters, or encoded strings detected.
- [Indirect Prompt Injection] (SAFE): While the skill ingests untrusted user input to generate a suggestion, it does so by interpolating the input into a markdown template for user review. It lacks the capabilities (like file-write or network-post) required to facilitate a high-impact injection attack.
- [Privilege Escalation] (SAFE): No administrative or elevated command patterns (sudo, chmod) are present.
Audit Metadata