leverage-point-audit
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill is strictly instructional and relies on read-only tools (Read, Grep, Glob). It does not attempt to modify files or execute arbitrary code.
- [DATA_EXFILTRATION] (SAFE): No network-enabled tools or external URLs are referenced in the skill. There is no mechanism for data exfiltration.
- [REMOTE_CODE_EXECUTION] (SAFE): The skill does not download external scripts or packages. It operates entirely on local project files.
- [PROMPT_INJECTION] (SAFE): The instructions are focused on structured auditing and do not contain patterns typical of prompt injection or safety bypass attempts.
- [INDIRECT_PROMPT_INJECTION] (LOW): Surface analysis:
- Ingestion points: Reads arbitrary codebase files (README.md, source code, etc.).
- Boundary markers: None explicitly defined for untrusted content.
- Capability inventory: Limited to Read, Grep, and Glob.
- Sanitization: Not present, but impact is negligible due to the lack of write or execution capabilities.
Audit Metadata