tech-stack-evaluator
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: All components of the skill are implemented as standalone Python scripts that perform data processing without external dependencies or risky system calls. No malicious patterns were identified.
- [COMMAND_EXECUTION]: Static analysis of script files confirms there are no calls to subprocess, os.system, or other functions that could execute system commands or be vulnerable to injection.
- [EXTERNAL_DOWNLOADS]: The skill does not perform network operations and lacks imports for network libraries like requests or urllib, preventing unauthorized remote access.
- [DATA_EXFILTRATION]: No evidence was found of the skill accessing sensitive file paths (e.g., credentials, ssh keys) or attempting to transmit data to external domains.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied text through the format_detector.py script. While it lacks explicit boundary markers, the security risk is negligible as the skill possesses no dangerous capabilities to exploit. Mandatory Evidence Chain: 1. Ingestion point: scripts/format_detector.py. 2. Boundary markers: Absent. 3. Capability inventory: No network, shell, or sensitive file access. 4. Sanitization: Normalization of text input to standard formats.
Audit Metadata