case-justification
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill contains role-based instructions in the 'phases/' directory (e.g., 'You are executing Phase 0...'). These are standard task-alignment prompts and do not contain bypass markers, jailbreak attempts, or instructions to ignore system safety protocols.
- Data Exposure & Exfiltration (SAFE): No hardcoded secrets, API keys, or sensitive file paths (such as .ssh or .env) were found. There are no network-capable commands like curl or fetch to exfiltrate data.
- Remote Code Execution (SAFE): The skill is entirely composed of Markdown files. It does not include executable scripts, package manager commands, or dynamic execution patterns (eval/exec).
- Indirect Prompt Injection (LOW):
  - Ingestion points: Phase 0 ('phases/phase0-assessment.md') instructs the agent to gather untrusted user data regarding research sites and populations.
  - Boundary markers: Not explicitly defined in the provided templates.
  - Capability inventory: The skill possesses no dangerous capabilities; it purely generates text based on user input with no system-level access.
  - Sanitization: Not present, but the lack of executable capabilities renders this surface benign.