skills/jeremylongshore/claude-code-plugins-plus-skills/guidewire-enterprise-rbac/Gen Agent Trust Hub
guidewire-enterprise-rbac
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or security bypass instructions were detected in the skill content.
- [COMMAND_EXECUTION]: The skill requests access to the
Bashtool withcurlcapabilities. The provided instructions use this for legitimate interactions with Guidewire APIs as part of the intended RBAC implementation, with no evidence of command injection or malicious payload construction. - [INDIRECT_PROMPT_INJECTION]: The skill describes a system for processing external security tokens and user data.
- Ingestion points:
SKILL.mdcontains code snippets for extracting security context from JWT payloads and processing user roles. - Boundary markers: The provided templates include authorization middleware (
requireApiRole) and validation logic to delimit untrusted input. - Capability inventory: The skill uses
Bash(curl:*),Read,Write,Edit, andGreptools. - Sanitization: The implementation patterns include audit logging (
auditPermissionDenial) and structured permission verification logic to handle external inputs safely.
Audit Metadata