oac-approach
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses instructional tags like <HARD-GATE> to enforce process constraints. These are used defensively to prevent unauthorized actions and do not contain malicious overrides or safety bypass attempts.
- [DATA_EXFILTRATION]: No evidence of credential theft, sensitive file access to common secrets paths, or unauthorized network operations. The skill uses internal tools for context discovery within the project environment.
- [REMOTE_CODE_EXECUTION]: No remote script downloads, piped execution (curl|bash), or unauthorized package installations were detected.
- [COMMAND_EXECUTION]: The skill explicitly forbids code execution or file changes until a plan is approved by the user, serving as a significant security control.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user input and project context through oac:context-discovery. While this constitutes an ingestion surface for untrusted data, the design of the skill (Step 5: Get Approval) ensures a human-in-the-loop verification before any subsequent actions are taken, effectively mitigating the risk of automated exploitation.
Audit Metadata