building-a-promotion-case
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFENO_CODE
Full Analysis
- Prompt Injection (SAFE): No instructions designed to bypass safety filters or override agent behavior were detected. The skill uses standard instructional language for its intended career-coaching purpose.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths are present. There are no network-capable commands (like curl or wget). The skill explicitly instructs users to avoid sharing PII and to redact confidential company information.
- Obfuscation (SAFE): The content is clear-text Markdown. No Base64, zero-width characters, or hex-encoded strings were found.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill contains no scripts, binaries, or package manager files (e.g., package.json, requirements.txt). It is a 'no-code' skill that relies on the LLM's reasoning over provided templates.
- Indirect Prompt Injection (LOW): The skill provides a surface for indirect injection by processing user-supplied project descriptions and company rubrics. However, since the skill has no 'write' or 'network' capabilities, the risk is negligible, and it includes safety instructions for data sanitization.
Audit Metadata