engagement-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to override system behavior or bypass safety filters.
- [Data Exposure & Exfiltration] (SAFE): While the skill is designed to process sensitive HR data, it contains no network operations or file system access commands to exfiltrate information.
- [Remote Code Execution] (SAFE): No remote code execution patterns or package installations were detected. The mention of an MCP server in the metadata is a configuration reference rather than an executable command.
- [Indirect Prompt Injection] (SAFE): The skill processes external survey data; however, it lacks any scripts or tools with exploitable capabilities (e.g., file-writing or network requests), meaning the attack surface for indirect injection is not actionable.
Audit Metadata