security-review
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): No instructions to override safety filters or reveal system prompts were detected.
- DATA_EXFILTRATION (SAFE): No hardcoded credentials, sensitive file path access, or network operations (curl/wget) were found.
- REMOTE_CODE_EXECUTION (SAFE): No package installations or remote script execution patterns are present.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to analyze untrusted code (Ingestion: trigger phrases like 'audit this'). While no boundary markers are defined, the skill has no capabilities (Capability Inventory: no subprocesses, exec/eval, file-write, or network ops) and thus no exploitation surface exists despite the lack of sanitization.
Audit Metadata