isms-audit-expert
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides structured documentation, methodologies, and templates for information security management system auditing. The content is professionally focused on compliance and control testing without any signs of malicious intent.
- [COMMAND_EXECUTION]: The skill includes a Python script scripts/isms_audit_scheduler.py for audit planning. This script uses standard libraries (argparse, csv, json) to process data locally. It does not use os.system, subprocess, or eval, making it safe for execution in the intended context.
- [INDIRECT_PROMPT_INJECTION]: The audit scheduler script processes external data (CSV files), which is a common pattern for data processing skills. While this represents a theoretical surface for indirect prompt injection if malicious data is provided in the input CSV, the risk is negligible given the script's limited capabilities.
- Ingestion points: scripts/isms_audit_scheduler.py reads user-supplied CSV files via the --controls parameter.
- Boundary markers: No specific delimiters are applied to the input data within the script's output.
- Capability inventory: The script is restricted to local file I/O (reading CSV, writing JSON/Markdown) and does not possess network or advanced system capabilities.
- Sanitization: The script performs standard CSV parsing and string formatting without specific safety filtering for instructions embedded in data.
Audit Metadata