onboard

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE · PROMPT_INJECTION · NO_CODE
Full Analysis
  • [Prompt Injection] (SAFE): No direct instruction overrides, safety filter bypasses, or malicious role-play markers were detected in the skill markdown or metadata.
  • [Data Exposure & Exfiltration] (SAFE): The skill reads local files to provide context but does not possess network capabilities or exfiltration logic. It explicitly advises users to exclude sensitive credentials from the ingested files.
  • [Indirect Prompt Injection] (LOW): The skill's purpose is to ingest and follow instructions from external files, which could contain malicious directives.
    1. Ingestion points: CLAUDE.md files located throughout the vault and accessed via Glob and Read tools.
    2. Boundary markers: Absent; the skill does not wrap file content in delimiters or include instructions to ignore embedded commands.
    3. Capability inventory: Access to Read, Glob, and Grep tools, which could be abused if an injected instruction directs the agent to search for sensitive data.
    4. Sanitization: None; the skill assumes all vault content is trustworthy.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill contains no executable scripts, binaries, or references to external code packages.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 12:47 PM