word-stats
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No patterns of instruction override, safety bypass, or role-play manipulation were detected. The instructions are focused solely on the intended text analysis task.
- Data Exposure & Exfiltration (SAFE): The skill does not access sensitive file paths, environment variables, or hardcoded credentials. No network operations (curl, wget, fetch) are present.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No package managers (pip, npm) or remote script executions (piped bash) are utilized. The skill consists entirely of natural language instructions.
- Indirect Prompt Injection (SAFE): The skill processes user-provided text in
$ARGUMENTS. - Ingestion points: Text input via
$ARGUMENTS(defined in SKILL.md). - Boundary markers: Explicit delimiters are absent, but the instruction to "immediately output stats" and "no unnecessary prose" serves as a functional constraint.
- Capability inventory: None. The skill does not include any scripts or tools for file writing, network access, or command execution.
- Sanitization: None. However, due to the total lack of capabilities, the processing of untrusted input presents no risk of exfiltration or system compromise.
Audit Metadata