license-compliance-auditor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure] (LOW): The skill requires a project_path input to access local manifest files. While this is necessary for its stated purpose of auditing licenses, it defines a file system access surface.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest untrusted data from external project manifests which could theoretically contain malicious instructions.
  - Ingestion points: Project manifest files (e.g., package.json, requirements.txt).
  - Boundary markers: None explicitly defined in the manifest configuration.
  - Capability inventory: File reading and internet access for license registry lookups.
  - Sanitization: Not explicitly defined in the provided schema.
Audit Metadata