hpk-parser
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the '@erp-pas/hpk-dictionary' NPM package and references an internal GitLab repository ('gitlab-erp-pas.dedalus.lan'). These are identified as legitimate vendor-owned resources belonging to the author 'dedalus-erp-pas'.
- [PROMPT_INJECTION]: The skill processes raw HPK message strings, which constitutes an indirect prompt injection surface. However, the risk is assessed as safe as the skill only performs data parsing and explanation without any high-risk capabilities such as code execution or network connectivity.
  1. Ingestion points: Raw text input containing HPK messages (processed in SKILL.md).
  2. Boundary markers: Structural parsing based on pipe ('|') delimiters and header identification.
  3. Capability inventory: No file system access, subprocess execution, or network operations detected in the skill instructions.
  4. Sanitization: Implements comprehensive validation including field count, data types, and mandatory field checks.
Audit Metadata