concept-modeler
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a local script
scripts/glossary_gen.pyto scan the codebase for domain terms. This script uses regular expressions to find class and interface names; it does not execute the target code or require network access. - [PROMPT_INJECTION]: The skill processes user-provided requirements through structured prompt templates. This represents an indirect prompt injection surface. 1. Ingestion points: User-provided natural language input via SKILL.md and ENTITY_EXTRACTION_PROMPT.md. 2. Boundary markers: Absent. 3. Capability inventory: Ability to use the
write_to_filetool to save analysis results. 4. Sanitization: None. This surface is a functional requirement of the skill's purpose as a modeling tool and is mitigated by the use of expert role-play prompts and structured JSON output requirements.
Audit Metadata