ra-qm-skills
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of professional regulatory guidance documents and Python scripts designed for compliance auditing. No malicious behavior was identified during the analysis.
- [SAFE]: Python scripts are implemented using only standard library modules (json, csv, os, pathlib, etc.). There are no external dependencies or unverifiable packages included.
- [SAFE]: No network operations (e.g., curl, requests) or data exfiltration mechanisms were found in any of the analyzed files.
- [SAFE]: The skill includes code analysis tools (e.g.,
gdpr_compliance_checker.py,hipaa_risk_assessment.py) that ingest local project files. While this creates a surface for indirect prompt injection, it is the intended primary purpose of the skill and no evidence of exploitation was found. - Ingestion points:
gdpr_compliance_checker.py,hipaa_risk_assessment.py,qsr_compliance_checker.py, andfda_submission_tracker.pyread files from the local directory. - Boundary markers: Not present in the automated tool output.
- Capability inventory: The scripts have file-read and file-write (to local JSON/Markdown reports) capabilities.
- Sanitization: None performed on the content of scanned files.
Audit Metadata