validation-quarantine
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is explicitly designed to handle untrusted external data. While it uses robust schema validation (Zod), it processes free-text fields like titles using regex. If the output of this skill (e.g., quality warnings or the data itself) is fed into a downstream LLM without sanitization, it could serve as a vector for indirect injection. However, the skill's purpose is inherently defensive.
- [External Downloads] (LOW): The implementation depends on the
zodpackage. This is a highly trusted, standard validation library used widely in the TypeScript ecosystem. - [No Malicious Patterns] (SAFE): No evidence of prompt injection, data exfiltration, obfuscation, or unauthorized command execution was found in the code or metadata.
Audit Metadata