geojson-wkt
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of Markdown documentation and SQL snippets. There are no executable scripts, binaries, or automated tasks that could pose a runtime risk.
- [Indirect Prompt Injection] (LOW): While the skill defines how to process untrusted external data (WKT strings), it presents no direct risk. 1. Ingestion points: External JSON data enters via the $1 parameter in the SQL templates defined in SKILL.md. 2. Boundary markers: Present; the SQL patterns use native database parameterization ($1::jsonb), providing separation between data and logic. 3. Capability inventory: None; no subprocess calls, exec/eval, file-write, or network operations are present in the skill files. 4. Sanitization: Present; the SQL patterns rely on the database's internal geometry parser (ST_GeomFromText) to validate WKT input, which triggers errors for malformed strings.
Audit Metadata