icp-matching
Pass
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: LOW
Full Analysis
- Metadata Analysis (INFO): The skill references an external MCP server (
@clawfu/mcp-skills) in the metadata. While this indicates an external dependency for full functionality, the skill itself is purely instructional and contains no code to install or execute the server. - Indirect Prompt Injection (LOW): The skill is designed to process external data (prospect profiles). While it lacks explicit boundary markers to segregate data from instructions, its capabilities are limited to reasoning and calculation without any direct side effects (e.g., file writes or network calls) within the skill body, making the risk low.
- Command Execution (SAFE): No use of shell commands, subprocesses, or administrative privileges detected.
- Data Exfiltration (SAFE): No evidence of hardcoded credentials, sensitive file access, or unauthorized network operations.
Audit Metadata