skill-system-behavior
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to manage and validate behavior specifications for other agent skills, following a BDD (Behavior-Driven Development) workflow.
- [COMMAND_EXECUTION]: The skill uses local Python scripts for its operations (e.g., validate_spec.py, verify_structural.py). These scripts are bundled with the skill and perform expected file-processing tasks related to the skill's stated purpose.
- [EXTERNAL_DOWNLOADS]: The skill identifies a dependency on the standard PyYAML Python package for processing YAML files. No untrusted or non-standard external dependencies or remote code execution patterns were found.
- [DATA_EXFILTRATION]: No network activity or attempts to access sensitive system files (such as credentials or SSH keys) were detected in the scripts or metadata. Data processing is confined to the local filesystem.
- [PROMPT_INJECTION]: The instructions focus on technical workflow management and do not include patterns designed to bypass safety filters, override agent behavior, or extract system prompts.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests local project files and specifications. While this represents a data ingestion surface, the processing is limited to structural validation and documentation generation, with no interpolation of untrusted data into instructions that would influence agent behavior.
Audit Metadata