cursor-compliance-audit
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE, NO_CODE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is composed of documentation, audit procedures, and checklists for compliance reviews. No malicious logic, obfuscation, or data exfiltration attempts were detected during the analysis of the 8 provided files.
- [NO_CODE]: The skill does not ship with any executable scripts (e.g., .py, .js, .sh). It relies entirely on markdown instructions and text-based references.
- [COMMAND_EXECUTION]: The skill references local security tools such as `git secrets` and `trufflehog` in `references/audit-tools.md`. These commands are passive and intended for local auditing purposes.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is designed to analyze untrusted data from the user's codebase.
  - Ingestion points: The skill reads local project files, git logs, and configuration settings as described in `SKILL.md` and `references/audit-tools.md`.
  - Boundary markers: Absent. The instructions do not provide explicit delimiters to separate user data from internal logic.
  - Capability inventory: The skill has access to high-privilege tools including `Read`, `Write`, `Edit`, and `Bash` as specified in the `SKILL.md` frontmatter.
  - Sanitization: Absent. The skill does not implement validation or escaping for the data ingested from the user's environment.
Audit Metadata