pasta-scope
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is an instructional markdown file that defines a methodology for technical scope mapping. It does not contain executable code, scripts, or commands that could be used for malicious purposes.
- [PROMPT_INJECTION]: No evidence of prompt injection patterns was found. The skill does not attempt to override system instructions or bypass safety filters.
- [INDIRECT_PROMPT_INJECTION]: The skill identifies ingestion points for potentially untrusted data in Workflow Steps 1 and 2, which scan route files, API specifications (OpenAPI/Swagger/GraphQL), Dockerfiles, and Infrastructure-as-Code manifests. Ingestion points: SKILL.md (Step 1 & 2 files). Boundary markers: None explicitly defined. Capability inventory: The skill provides instructions for textual analysis and report generation only; it does not define capabilities for subprocess execution or network operations. Sanitization: Not mentioned. Assessment: While these ingestion points represent an attack surface, the process is fundamental to the skill's purpose of security analysis, and no exploitable logic is present.
Audit Metadata