agent-governance
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill is entirely defensive in nature, providing boilerplate code for blocking access to sensitive files (e.g., .env, .pem), validating bash commands against dangerous patterns (e.g., rm -rf /), and implementing audit logs.
- [Indirect Prompt Injection] (LOW): The skill describes an architecture for processing tool inputs and outputs (e.g., validate_bash_commands, filter_output_content). This establishes a data ingestion surface where untrusted data from tools is processed by the agent's logic. While the provided examples are defensive, this category is noted due to the inherent risk of processing untrusted data.
  - Ingestion points: input_data and tool_output parameters in hook functions defined in SKILL.md.
  - Boundary markers: None shown in the logic snippets, as they are Python code rather than prompt templates.
  - Capability inventory: File writing (log_file.write) and regex matching (re.search) are used within the governance logic.
  - Sanitization: The skill explicitly demonstrates sanitization techniques like startswith() checks and regex-based blocking of dangerous commands.
Audit Metadata