verification-before-completion
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill uses strong instructional language to mandate verification (e.g., 'The Iron Law'), but these are behavioral constraints aimed at task accuracy rather than bypassing safety filters or security protocols.
- [Data Exposure & Exfiltration] (SAFE): No access to sensitive files, hardcoded credentials, or network exfiltration techniques were found.
- [Remote Code Execution] (SAFE): The skill does not download or execute remote scripts; it only provides guidance on when and why the agent should run its own verification tools.
- [Indirect Prompt Injection] (LOW): The skill's primary function is to ingest output from external commands (tests, builds, linters). While this creates a surface for indirect prompt injection if those commands produce malicious output, the skill itself is purely instructional and does not provide any exploitable automation.
- [Persistence & Privilege Escalation] (SAFE): No patterns related to maintaining access or escalating user permissions were detected.
Audit Metadata