data-flows
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a structured methodology for static analysis of codebases. It identifies data flow paths to detect security weaknesses like missing validation or sensitive data in logs without executing the code itself.
- [PROMPT_INJECTION]: No override instructions, safety bypasses, or system prompt extraction attempts were found in the skill body or metadata.
- [DATA_EXFILTRATION]: The skill does not contain any network-facing commands or logic to send data to external domains. It focuses on internal analysis and reporting.
- [REMOTE_CODE_EXECUTION]: There are no patterns for downloading or executing remote scripts. The skill mentions tools like 'pickle.loads' only as vulnerability patterns to search for in the analyzed code, not as executable components of the skill.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data (source code). While this creates an attack surface for indirect prompt injection, the skill's capabilities are limited to producing text-based reports and diagrams, which significantly mitigates the risk of the agent performing unauthorized actions based on embedded instructions.
Audit Metadata