composable-primitives
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to bypass safety filters, extract system prompts, or override agent constraints. The language is purely instructional and focused on architectural design.
- Data Exposure & Exfiltration (SAFE): No access to sensitive file paths (~/.ssh, .env) or hardcoded credentials detected. The allowed tools (Read, Grep, Glob) are restricted to standard search and read operations.
- Obfuscation (SAFE): No Base64, zero-width characters, or hex-encoded strings were found. All content is human-readable Markdown.
- Unverifiable Dependencies & RCE (SAFE): The skill does not include any package files (requirements.txt, package.json) or commands that download and execute remote scripts.
- Privilege Escalation (SAFE): No use of sudo, chmod, or administrative commands that could elevate permissions.
- Persistence Mechanisms (SAFE): No modifications to shell profiles, cron jobs, or startup services are present.
- Metadata Poisoning (SAFE): Metadata fields (name, description, allowed-tools) are consistent with the instructional content of the skill.
- Indirect Prompt Injection (SAFE): While the skill describes processing external data (issues/tasks), it does not provide code that insecurely interpolates untrusted data into executable contexts. It serves as a structural framework only.
- Time-Delayed / Conditional Attacks (SAFE): No logic exists that triggers behavior based on dates, times, or specific environmental conditions.
- Dynamic Execution (SAFE): No runtime compilation, code generation, or unsafe deserialization patterns were detected.