deck-refresh
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions are focused on legitimate document processing tasks. It implements a multi-phase workflow with a mandatory human-in-the-loop approval gate (Phase 3) before any file modifications occur, which is a strong safety practice.- [PROMPT_INJECTION]: No evidence of prompt injection, role-play bypasses, or instructions to ignore safety guidelines were found. While the skill processes external data from decks and spreadsheets (indirect prompt injection surface), it treats this data as passive values to be mapped and requires user verification of the mapping before execution.- [DATA_EXFILTRATION]: The skill does not contain any network operations, hardcoded credentials, or patterns suggesting the exfiltration of user data.- [REMOTE_CODE_EXECUTION]: The skill does not download external scripts or packages, nor does it use dynamic execution functions like eval or subprocess for untrusted input.
Audit Metadata