fp-review-spec
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a read-only validation tool that processes local project files for structural compliance. No malicious intent or dangerous behaviors were detected.
- [PROMPT_INJECTION]: The skill uses a placeholder for user arguments ($ARGUMENTS). This is a common feature for providing context and does not contain instructions to override safety filters or agent behavior.
- [DATA_EXFILTRATION]: The skill reads E2E_TESTS.md files but lacks any network communication capabilities (curl, wget, etc.) or access to sensitive system directories (e.g., .ssh, .env).
- [REMOTE_CODE_EXECUTION]: No patterns for remote code execution, package installation, or dynamic script execution were found.
- [SAFE]: (Indirect Prompt Injection Assessment) 1. Ingestion points: The skill reads external E2E_TESTS.md files. 2. Boundary markers: None present. 3. Capability inventory: No execution, writing, or network capabilities found. 4. Sanitization: None present. Due to the lack of capabilities, the exposure is negligible.
Audit Metadata