iso27001-gap-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (LOW): Potential Indirect Prompt Injection Surface. The skill is designed to ingest and analyze security data and has access to high-privilege tools.
  1. Ingestion points: Security/compliance documentation or user requests provided to the agent for gap analysis.
  2. Boundary markers: None defined in the SKILL.md to protect the agent from instructions embedded in analyzed documents.
  3. Capability inventory: Bash, Read, Write, Edit, Grep.
  4. Sanitization: None defined within the skill instructions.
- [Command Execution] (SAFE): The skill requests the Bash tool. While powerful, there is no evidence of malicious command execution or script generation within the provided skill file itself.