delegating-work
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFENO_CODE
Full Analysis
- Prompt Injection (SAFE): The skill consists of management frameworks and instructional templates. No patterns were found that attempt to override AI safety filters or system instructions.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. The skill operates solely on context provided by the user in-session.
- Obfuscation (SAFE): All skill content is provided in cleartext Markdown. No Base64, Unicode homoglyphs, or zero-width characters were identified.
- Remote Code Execution (SAFE): No external scripts are downloaded or executed. The skill does not use package managers or dynamic code generation techniques.
- Indirect Prompt Injection (SAFE): The skill ingests user-supplied project descriptions (Ingestion points: README.md). While no explicit boundary markers or sanitization logic are present (Boundary markers: absent; Sanitization: absent), the skill lacks any executable capabilities, file system operations, or network access within its defined scripts (Capability inventory: none). This absence of dangerous capabilities neutralizes the injection surface.
Audit Metadata