input-validation-checker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Prompt Injection (SAFE): No direct instructions to bypass safety or override system behavior were found.
- Data Exposure & Exfiltration (SAFE): No credentials, secrets, or sensitive file access patterns detected.
- Obfuscation (SAFE): Content is clear and contains no hidden encoding or homoglyphs.
- Unverifiable Dependencies & RCE (SAFE): No remote scripts or unauthorized package installations identified.
- Privilege Escalation (SAFE): No requests for sudo or elevated system permissions.
- Persistence Mechanisms (SAFE): No attempts to create cron jobs or modify startup scripts.
- Metadata Poisoning (SAFE): Metadata fields are legitimate and aligned with the skill's stated purpose.
- Indirect Prompt Injection (LOW): (1) Ingestion points: Skill processes user requests and code examples for security validation (SKILL.md). (2) Boundary markers: Absent. (3) Capability inventory: Allowed tools include Bash(npm:*), Read, Write, and Grep. (4) Sanitization: Not specified in the skill logic.
- Time-Delayed / Conditional Attacks (SAFE): No time-gated or environment-triggered malicious logic detected.
- Dynamic Execution (SAFE): No runtime compilation or unsafe deserialization of untrusted data.
Audit Metadata