compliance-management
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides comprehensive logic for tracking regulations, certifications, and trade compliance without using any sensitive system calls, network communication, or persistent file operations.
- [PROMPT_INJECTION]: The skill's functions process data that could be influenced by external actors, creating an indirect prompt injection surface.
  - Ingestion points: The `add_product`, `add_supplier`, and `classify_product` methods in `SKILL.md` accept arbitrary string inputs for product descriptions, supplier names, and material compositions.
  - Boundary markers: There are no boundary markers or explicit instructions provided to the agent to ignore potentially malicious instructions embedded within these data fields.
  - Capability inventory: The skill contains no dangerous capabilities; it lacks any code to perform network requests, spawn subprocesses, or write to the local file system.
  - Sanitization: The implementation does not include any validation, escaping, or sanitization logic for the string inputs processed by the compliance and trade management classes.
Audit Metadata