verify-findings

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill's instructions, examples, or workflow documentation. The behavior is consistent with the stated purpose of a developer productivity tool.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests untrusted external report files to drive its verification process.
      • Ingestion points: The report file path provided as an argument in SKILL.md.
      • Boundary markers: Not present. The instructions do not define specific delimiters or instructions to treat the report content as non-executable data.
      • Capability inventory: The skill uses file reading, grep for codebase search, and web research tools (search) as specified in SKILL.md and WORKFLOW.md.
      • Sanitization: Not present. The skill assumes the report follows a specific format and parses its content (CWEs, descriptions, file paths) directly to guide its research actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 10:55 AM