NYC

Security Engineer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): No instructions found that attempt to bypass AI safety filters or override core system behavior.
  • [Data Exposure & Exfiltration] (SAFE): No attempts to access sensitive file paths like SSH keys or environment secrets, and no external network exfiltration patterns detected.
  • [Obfuscation] (SAFE): The content is clear and readable with no Base64, zero-width characters, or other encoding techniques used to hide intent.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): Commands use standard, trusted security tools like npm audit and audit-ci. No remote script execution (curl|bash) is present.
  • [Indirect Prompt Injection] (SAFE): While the skill's purpose involves processing application code (untrusted data), it does so to implement security measures. Evidence Chain: 1. Ingestion points: codebase files (package.json, etc.). 2. Boundary markers: Absent. 3. Capability inventory: Code modification and dependency management. 4. Sanitization: Absent. Findings are consistent with intended developer tooling and pose no inherent risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:13 PM