pareto-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): Instructions are focused on the analysis workflow. No attempts to bypass safety filters or extract system prompts were found.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file paths were detected. The skill does not perform network operations or access unauthorized data.
- [Obfuscation] (SAFE): No encoded content or hidden characters were detected in any of the files.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill uses local Python scripts that rely only on standard libraries. No external packages are installed or remote scripts executed.
- [Privilege Escalation] (SAFE): No commands requiring elevated privileges (like sudo or chmod) are present.
- [Persistence Mechanisms] (SAFE): No attempts to modify shell profiles, cron jobs, or startup services.
- [Metadata Poisoning] (SAFE): Metadata in SKILL.md and plugin.json is accurate and consistent with the skill's purpose.
- [Indirect Prompt Injection] (SAFE): The skill processes user-provided categorical data. While it lacks explicit boundary markers, the data is processed via structured JSON and standard Python libraries for calculation rather than raw interpolation into reasoning prompts, mitigating injection risks.
- [Time-Delayed / Conditional Attacks] (SAFE): No logic gating behavior based on time or environment variables was found.
- [Dynamic Execution] (SAFE): Python scripts use safe JSON parsing and avoid dangerous functions like eval(), exec(), or pickle.
Audit Metadata