wod-toolkit
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No malicious instruction overrides or safety filter bypasses were found. The skill uses fictional roleplaying terms (e.g., 'corruption', 'malice') that are appropriate for its context and do not affect agent safety.
- Data Exposure & Exfiltration (SAFE): The skill does not attempt to access system credentials, environment variables, or private files. It operates strictly on local project data and contains no network-enabled code.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The provided lookup.py script uses standard libraries (json, sys, pathlib) and performs safe JSON lookups. No remote script downloads or piped bash execution patterns were identified.
- Command Execution (SAFE): Instructions to execute commands are limited to running the included local utility script for data retrieval within the RPG toolkit's scope.
- Dynamic Execution (SAFE): The skill relies on static data lookups and modular markdown instructions without any unsafe dynamic code generation or deserialization.