metronic-module
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill instructions are purely architectural and focus on code generation. No attempts to override safety filters or bypass system prompts were found.
- [Data Exposure & Exfiltration] (SAFE): All network operations (GET/POST/PUT/DELETE) in the templates are directed to a relative local API service (
/api/[entities]) within the host application. No hardcoded credentials or sensitive local file accesses (e.g., SSH keys, .env) are present. - [Remote Code Execution] (SAFE): The skill generates static React components. It does not use
eval(),exec(), or any method to download and execute arbitrary scripts from the internet. - [Persistence Mechanisms] (SAFE): No code was found that attempts to modify shell profiles, system services, or registry keys for persistence.
- [Indirect Prompt Injection] (SAFE): While the skill takes user requirements to generate code, it does not ingest untrusted external data (like web content) that could influence the agent's logic in a malicious way.
Audit Metadata