geb-protocol
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists exclusively of markdown documentation and code examples. No functional code, scripts, or automation hooks are included in the provided files. While the description mentions a 'hook' that triggers when folders are created, the implementation of such a hook is not present in the analyzed files.
- [DATA_EXFILTRATION] (SAFE): No patterns for data collection, credential access, or external communication were identified. The protocol focuses on internal project metadata.
- [PROMPT_INJECTION] (SAFE): The instructions define how an AI should interpret and maintain metadata (Input/Output/Pos) for navigation. There are no attempts to bypass safety guardrails or subvert agent behavior.
- [INDIRECT_PROMPT_INJECTION SURFACE] (SAFE): A surface for Indirect Prompt Injection (Category 8) exists because the agent is instructed to read and rely on metadata from files like
_dir.mdand code headers. - Ingestion points:
_dir.mdfiles and source code header comments. - Boundary markers: Absent (instructions are read directly from the metadata format).
- Capability inventory: None (the skill provides no tools, scripts, or network capabilities).
- Sanitization: Not defined (the AI is expected to trust the metadata for navigation purposes).
Audit Metadata