bridge-commons
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill defines agent prompt templates in SKILL.md that interpolate potentially untrusted data fields such as task_description and scope without explicit boundary markers or sanitization guidelines.
- Ingestion points: bridge_input fields in SKILL.md.
- Boundary markers: Absent from the provided agent prompt templates.
- Capability inventory: The skill describes the orchestration of CLI tools and file system writes to output directories.
- Sanitization: No sanitization or escaping of external content is mentioned in the contract.
- [NO_CODE]: The skill is a reference document providing a contract and is not a runnable or invocable skill.
Audit Metadata