verification-before-completion
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): The instructions use authoritative language (e.g., 'The Iron Law', 'Non-negotiable') to enforce a strict verification workflow. These are standard task-guidance instructions and do not attempt to bypass safety filters or extract system prompts.
- DATA_EXFILTRATION (SAFE): No commands for network access or sensitive file reading were detected. The skill focuses on local environment verification commands (tests, linters).
- REMOTE_CODE_EXECUTION (SAFE): The skill is entirely Markdown-based and does not include scripts, package managers, or remote download commands.
- COMMAND_EXECUTION (SAFE): While the skill instructs the agent to run commands (test, build, lint), it does not specify any malicious commands. It acts as a procedural framework for the agent to use existing, trusted project tools.
- INDIRECT_PROMPT_INJECTION (SAFE): The skill identifies a data ingestion surface (reading test and linter outputs). While these could theoretically contain adversarial content, the skill's purpose is to improve accuracy and verification, which serves as a defensive measure rather than a vulnerability.
Audit Metadata