osint-methodologies
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill contains no executable malicious code, obfuscation, or persistence mechanisms. All instructions are aligned with the stated purpose of OSINT collection and democratic transparency.
- [EXTERNAL_DOWNLOADS]: The skill references and fetches data from well-known and trusted official sources, including the Swedish Parliament (Riksdagen), the Swedish Election Authority (Valmyndigheten), the World Bank Open Data platform, and the Swedish Financial Management Authority (ESV). These connections are documented neutrally as standard data ingestion points for the intended OSINT functionality.
- [PROMPT_INJECTION]: The skill documentation defines a framework for ingesting untrusted data from external sources (Category 8 surface).
- Ingestion points: Data enters through the 'Data Ingestion Pipeline' from external APIs described in SKILL.md.
- Boundary markers: The skill does not explicitly define delimiters or 'ignore' instructions for the data if it is subsequently passed to an LLM context.
- Capability inventory: The described scripts include database writes (voteRepository.saveAll) and alerting services (alertService.sendAlert).
- Sanitization: The skill outlines comprehensive validation logic, including completeness checks, consistency validation, and temporal validity checks to ensure data quality.
Audit Metadata