solid-knowledge
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions designed to override agent behavior or bypass safety filters were detected. The use of 'IMPORTANT' and 'CRITICAL' is limited to describing architectural importance within documentation.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials, sensitive file path references, or network operations (curl, wget, etc.) are present in the skill files.
- [COMMAND_EXECUTION] (SAFE): The skill provides documentation for bash commands (
find,grep,awk) meant to be used for static code analysis. These are presented as educational examples for the user to run manually and are not automated by the skill. - [REMOTE_CODE_EXECUTION] (SAFE): No patterns for downloading and executing remote scripts or installing unverifiable packages were found.
- [OBFUSCATION] (SAFE): No Base64, zero-width characters, or homoglyphs were used to hide malicious intent.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill's purpose is to help the agent process untrusted user code (the 'audit' use case), the skill itself only provides static Markdown documentation. It does not introduce automated execution capabilities or prompt interpolation mechanisms that would create an attack surface.
Audit Metadata