data-story-outliner
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Command Execution] (SAFE): No executable code or shell scripts are provided in the skill files. Although 'Bash' and 'Grep' are listed in the allowed tools, there are no commands defined that utilize them.
- [Data Exfiltration] (SAFE): No network-capable code or access to sensitive local files (e.g., SSH keys, environmental variables) was detected.
- [Remote Code Execution] (SAFE): No package installations or remote script downloads are performed.
- [Indirect Prompt Injection] (LOW): The skill is designed to handle data analytics tasks such as SQL queries and statistical analysis. This creates a surface for processing untrusted data, but no exploitable capabilities are exposed in the static definition. Evidence: 1. Ingestion points: SQL queries and data patterns mentioned in the 'When to Use' section. 2. Boundary markers: Absent. 3. Capability inventory: Read, Write, Edit, Bash, Grep. 4. Sanitization: Absent.
Audit Metadata