sf-flex-estimator
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions in SKILL.md focus on providing pricing guidance and architectural analysis. No patterns associated with system prompt extraction, safety filter bypass, or instruction overrides were detected.
- [DATA_EXFILTRATION]: The Python scripts (
flex_calculator.py,tier_multiplier.py,validate_estimate.py) perform local calculations based on provided JSON files. No network operations, hardcoded credentials, or access to sensitive local file paths (such as SSH keys or cloud credentials) were found. - [COMMAND_EXECUTION]: The skill documents standard CLI usage of its own internal Python scripts. It does not use
os.system,subprocess, or similar functions to execute arbitrary shell commands or user-supplied strings. - [REMOTE_CODE_EXECUTION]: There are no patterns involving remote script downloads (e.g.,
curl | bash) or installation of unverified external dependencies. - [OBFUSCATION]: The code and documentation are written in clear, human-readable text. No Base64, hex-encoding, zero-width characters, or homoglyph-based obfuscation techniques were identified.
- [DYNAMIC_EXECUTION]: The Python logic is static and uses standard libraries for JSON parsing and CLI argument handling. It does not utilize
eval(),exec(), or dynamic module loading from untrusted sources. - [EXTERNAL_DOWNLOADS]: The skill is self-contained. It does not attempt to fetch external resources or scripts during execution.
Audit Metadata