senior-ml-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The documentation contains only standard instructional text and no commands attempting to bypass agent safety or override system instructions.
- Data Exposure & Exfiltration (SAFE): No credentials, sensitive file paths, or network exfiltration patterns were found. Scripts only perform basic logging and status output.
- Obfuscation (SAFE): No Base64, zero-width characters, or other encoding techniques are used to hide content.
- Unverifiable Dependencies & Remote Code Execution (SAFE): There are no remote script downloads or installations of external packages from untrusted sources.
- Privilege Escalation (SAFE): No usage of sudo, chmod, or other administrative privilege commands was identified.
- Persistence Mechanisms (SAFE): The skill does not attempt to modify system configuration files or startup routines.
- Metadata Poisoning (SAFE): Metadata fields like name and description accurately reflect the skill's technical content.
- Indirect Prompt Injection (SAFE): Although scripts accept input parameters, there is no logic to process or execute untrusted data in a way that would create a vulnerability surface.
- Time-Delayed / Conditional Attacks (SAFE): No time-based or environment-based logic gates were found in the scripts.
- Dynamic Execution (SAFE): The scripts do not use dynamic evaluation functions like eval(), exec(), or unsafe deserialization methods.
Audit Metadata