isms-audit-expert

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides structured documentation and methodologies for ISO 27001:2022 auditing, including preparation checklists, control testing procedures, and finding management workflows.
  • [COMMAND_EXECUTION]: The included utility script scripts/isms_audit_scheduler.py is a benign Python script used to generate risk-based audit plans. It relies solely on standard-library modules (argparse, csv, json, sys, datetime) and does not perform network operations, execute shell commands, or access sensitive system directories.
  • [PROMPT_INJECTION]: The isms_audit_scheduler.py script processes external CSV files via the --controls parameter. This constitutes a surface for indirect prompt injection if the resulting audit plan is processed by downstream AI agents without validation. However, the script's limited functionality (formatting local data) and lack of dangerous capabilities mitigate this risk.
  • [DATA_EXFILTRATION]: No evidence of data exfiltration or hardcoded credentials was found. The skill does not include any network-enabled tools or instructions to send data to external endpoints.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 01:08 AM