librarian
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of Markdown instructions and metadata. It does not include any scripts, binaries, or configuration files.
- [PROMPT_INJECTION] (SAFE): No instructions designed to override agent behavior, bypass safety filters, or extract system prompts were detected.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials (API keys, tokens) or attempts to access sensitive local file paths (e.g., SSH keys, env files) were found.
- [REMOTE_CODE_EXECUTION] (SAFE): There are no patterns involving the download or execution of remote scripts or the installation of unverified packages.
- [COMMAND_EXECUTION] (SAFE): The skill does not define any shell commands, subprocess calls, or system-level operations.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to process untrusted data from external sources like GitHub issues and technical blogs. While this creates a vulnerability surface, the risk is inherent to the skill's purpose and is mitigated by the absence of executable capabilities.
- Ingestion points: External documentation URLs, GitHub issues, PRs, and technical blogs.
- Boundary markers: Uses structured Markdown templates (Type A, B, C) to separate source content from agent analysis.
- Capability inventory: None. The skill has no file-write, network-send (other than search), or code execution capabilities.
- Sanitization: Not explicitly defined in the prompt instructions.
Audit Metadata