finding-mentors-sponsors
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions designed to bypass agent constraints were detected. The skill includes explicit boundaries, such as refusing requests for mass-spam outreach.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file access, or network operations (curl, wget) were found. The intake process includes explicit warnings against providing confidential or private HR information.
- [Obfuscation] (SAFE): The content is entirely human-readable with no detected Base64, zero-width characters, or other encoding tricks.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external packages or remote script execution patterns were identified. The skill consists solely of documentation and prompt logic.
- [Indirect Prompt Injection] (SAFE): While the skill processes user-provided career context to generate outreach templates (ingestion point: INTAKE.md), it lacks the capabilities (network, file-write, or shell execution) to be leveraged for a meaningful attack. The output is intended for user review and manual copy-pasting.
Audit Metadata