brand-wave-artisans

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The file assets/manifest.json contains a reference to https://unpkg.com/@phosphor-icons/core@2.1.1/assets/regular to fetch icon assets. While unpkg is a standard CDN, it is not listed as a trusted external source.
  • [PROMPT_INJECTION] (LOW): The skill possesses an indirect prompt injection surface. Ingestion points: The assets/manifest.json and references/tokens.md files are intended to be read by tools like render.py. Boundary markers: No markers are present to prevent the agent from interpreting data in these files as instructions. Capability inventory: The skill allows the use of Bash, Read, and Write tools. Sanitization: No sanitization logic is provided to escape or validate token values before they are used in downstream processing.
  • [NO_CODE] (SAFE): No scripts or binaries were found in the skill; all files are documentation or configuration data.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 08:22 AM