compliance-check
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns such as credential theft, remote code execution, or persistence mechanisms were identified across the 6 analyzed files.
- [COMMAND_EXECUTION]: The skill utilizes tools such as Read, Glob, and Grep to process documentation and manage files within a dedicated '_workspace/' directory. These operations are consistent with the skill's stated purpose of auditing and reporting.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external documents for compliance and ESG analysis, which introduces a surface for indirect prompt injection. * Ingestion points: Documents are ingested via the Read tool in the audit-report and compliance-checker harnesses. * Boundary markers: No specific delimiters are defined in the instructions to isolate processed text from agent instructions. * Capability inventory: The agent has file system access (read/write in workspace) and the ability to invoke reasoning tools. * Sanitization: No explicit content validation or sanitization is described before analysis.
Audit Metadata