freeze-static
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No evidence of direct prompt injection or attempts to bypass agent safety filters were found in the instructions.
- [DATA_EXFILTRATION] (SAFE): No patterns related to sensitive file access, credential harvesting, or unauthorized network operations were detected.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references the '@gravito/freeze' npm package in TypeScript blueprints. However, there are no commands to download or execute arbitrary scripts from untrusted sources at runtime.
- [INDIRECT_PROMPT_INJECTION] (SAFE):
- Ingestion points: The skill mentions fetching data at build time for hydration (Workflow Step 3).
- Boundary markers: No explicit boundary markers are defined for the fetched data.
- Capability inventory: The skill describes generating files in a 'dist-static/' directory and executing a build process.
- Sanitization: While no specific sanitization steps are detailed for the fetched data, the context is limited to standard static site generation which is inherently low risk in this configuration.
Audit Metadata