unawareness
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted source code as its primary input to identify privacy threats. While it lacks explicit sanitization or boundary markers for this data, its capabilities are limited to reading files and generating a report based on provided templates. It does not execute the analyzed code or perform network operations, maintaining a low risk profile for this attack surface.
- [COMMAND_EXECUTION]: The skill describes a manual or automated workflow for searching code using grep patterns (e.g.,
analytics.init,document.cookie). These patterns are diagnostic in nature and do not represent the execution of arbitrary or malicious commands by the skill itself. - [DATA_EXPOSURE_AND_EXFILTRATION]: No evidence of hardcoded credentials or network exfiltration patterns was found. The skill focuses on identifying privacy-related data collection points within the user's code rather than accessing the agent's sensitive environment data.
Audit Metadata