file-reference-skill

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): No instructions attempting to bypass safety filters or override agent behavior were found.
  • Data Exposure & Exfiltration (SAFE): No sensitive file access or unauthorized network operations detected. The use of environment variables is for diagnostic and path resolution purposes.
  • Obfuscation (SAFE): No hidden or encoded content found in the scripts or documentation.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): No remote code downloads or untrusted package installations. Local scripts are static and part of the skill package.
  • Privilege Escalation (SAFE): No commands for acquiring elevated permissions (e.g., sudo, chmod 777) were found.
  • Persistence Mechanisms (SAFE): No attempts to maintain access across sessions (e.g., cron jobs, shell profile modification) were detected.
  • Indirect Prompt Injection (SAFE): While the skill ingests data files, it does not interpolate untrusted content into LLM prompts. Ingestion points: Input files in data_processor.py. Capabilities: Local file write and local script execution. Sanitization: Relies on FilePathResolver as described in documentation.
  • Dynamic Execution (SAFE): No unsafe use of eval(), exec(), or runtime compilation on untrusted data. Examples use safe loading methods like yaml.safe_load().
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:42 PM