business-compliance
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a read-only auditing tool. It extracts business logic and application metadata (API endpoints, data stores, and types) from the local filesystem to generate compliance reports. It does not possess capabilities to modify the environment or communicate externally.
- [DATA_EXPOSURE]: The skill performs deep inspection of the application's internal structure, including routing and API patterns. However, all extracted data remains local to the user session, as the skill lacks network access or exfiltration tools.
- [PROMPT_INJECTION]: The skill processes data from documentation files (e.g., docs/domain/*.md) which are potential vectors for indirect prompt injection. Because the skill's capabilities are restricted to terminal output and it lacks the ability to execute commands or write files, the potential impact of such an injection is confined to the content of the generated report.
Audit Metadata