usage
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found in the skill body or metadata.\n- [DATA_EXFILTRATION] (SAFE): The skill processes usage statistics and cost data but does not access sensitive system files (e.g., ~/.ssh, ~/.aws) or hardcoded credentials. It does not perform network operations to external domains.\n- [REMOTE_CODE_EXECUTION] (SAFE): No remote scripts are downloaded or executed. Dynamic imports in index.ts use hardcoded relative paths to internal library modules.\n- [COMMAND_EXECUTION] (SAFE): No subprocess spawning, shell execution, or system command calls were detected.\n- [INDIRECT_PROMPT_INJECTION] (LOW):\n
- Ingestion points: User input (userId, model names, date ranges) is ingested from command arguments in the execute function.\n
- Boundary markers: Absent; output strings are returned as plain markdown without explicit delimiters for processed data.\n
- Capability inventory: Database read operations and a single database write (DELETE) for the reset command.\n
- Sanitization: High. The skill correctly implements parameterized SQL queries (e.g., db.query(sql, [params])) for all dynamic lookups, effectively preventing SQL injection attacks.
Audit Metadata