assess-ai

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill consists of prompt-based instructions and does not include any executable scripts or binary files. All operations are limited to text processing and research via integrated tools. No privilege escalation, persistence, or obfuscation patterns were detected.
  • [PROMPT_INJECTION]: The skill ingests untrusted data via the $ARGUMENTS parameter in SKILL.md. Evidence chain:
      1. Ingestion point: $ARGUMENTS variable in the assessment workflow.
      2. Boundary markers: Absent; the input is interpolated directly into the prompt.
      3. Capability inventory: No subprocess execution, file-system writing, or network operations detected in the skill definition.
      4. Sanitization: Absent.
    While this structure is technically vulnerable to indirect prompt injection, the impact is confined to the content of the generated report due to a lack of privileged tool access.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 04:21 AM