anti-fraud
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- No Security Issues Detected (SAFE): The skill implements a multi-layered defense system for registration flows using industry-standard security techniques.
- Prompt Injection (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were detected in the skill body or metadata.
- Data Exposure & Exfiltration (SAFE): The skill does not attempt to access sensitive local files (e.g., SSH keys, AWS credentials) or hardcode secrets. It correctly demonstrates the use of environment variables for encryption keys.
- Obfuscation (SAFE): All provided code and documentation are in plain text. No Base64, zero-width characters, or other encoding techniques were used to hide malicious intent.
- Remote Code Execution (SAFE): The code snippets provided are static and do not involve downloading or executing remote scripts or packages during runtime.
- Indirect Prompt Injection (SAFE): While the skill handles user registration data, it is designed for a traditional web architecture (Node.js/React) where data is validated against a schema and not interpolated into subsequent LLM prompts.
Audit Metadata