geo-fundamentals
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill audits local project files via the geo_checker.py script, creating a surface for potential injection from untrusted data within those directories. 1. Ingestion points: Local files accessed via Read and Grep. 2. Boundary markers: None identified. 3. Capability inventory: Local read-only access (Read, Glob, Grep). 4. Sanitization: None described.
- Unverifiable Dependencies & Remote Code Execution (LOW): The script scripts/geo_checker.py is referenced in the documentation but its source code was not provided for analysis. Additionally, the tool definitions (Read, Glob, Grep) do not align with the command execution requirements for running a Python script.
Audit Metadata