nav-profile
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill reads and writes to a specific local file
.agent/.user-profile.json. There are no network calls or attempts to access sensitive system directories or credentials. - [Remote Code Execution] (SAFE): The skill does not employ dynamic execution functions like
eval()orexec(). All logic is contained within static Python scripts using standard libraries. - [Indirect Prompt Injection] (SAFE): The skill processes user input via the
preference_extractor.pyand stores results in a JSON profile. It does not use this data to influence its own execution logic, though other skills reading this profile should treat the data as untrusted.
Audit Metadata