pubfi-dsl-server-contract
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): The content consists of technical specifications and contains no instructions aimed at overriding agent behavior or bypassing safety filters.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network communication patterns were identified.
- Remote Code Execution (SAFE): The files do not contain commands for downloading external scripts or executing arbitrary code.
- Indirect Prompt Injection (LOW): The skill defines an interface for processing external data (Ingestion points: POST /v1/dsl/query in references/contract.md). It includes specific defensive requirements like rejecting unknown fields (Boundary markers), limiting capabilities to document retrieval (Capability inventory), and mandating the exclusion of SQL/raw DSL (Sanitization).
- Obfuscation (SAFE): All text is provided in clear markdown with no encoded or hidden content.
Audit Metadata