pm-policy
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
NO_CODE
Full Analysis
- [NO_CODE]: The skill does not contain any executable scripts, binaries, or source code files. It consists solely of a markdown configuration file (SKILL.md) defining document templates and stylistic guidelines.
- [EXTERNAL_DOWNLOADS]: The skill utilizes WebFetch and WebSearch tools to retrieve external information for policy analysis. While the examples provided in the instructions reference reputable organizations such as the Swedish Civil Contingencies Agency (MSB) and the Australian Strategic Policy Institute (ASPI), the tools are capable of fetching data from any user-provided or search-discovered URL.
- [PROMPT_INJECTION]: The skill is subject to potential indirect prompt injection because it is designed to ingest and process untrusted external data from the web.
  - Ingestion points: External content retrieved through the WebSearch and WebFetch tools during the research phase.
  - Boundary markers: The instructions do not define specific delimiters or "ignore previous instructions" guards for the data being fetched.
  - Capability inventory: The skill is granted Write access to the local filesystem and network access via WebFetch and WebSearch tools.
  - Sanitization: There are no explicit instructions for the agent to sanitize, escape, or validate the data retrieved from external sources before incorporating it into the final document.