scamper
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions were found that attempt to bypass safety filters, override system prompts, or extract internal instructions.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive local files, use hardcoded credentials, or perform network requests.
- [Obfuscation] (SAFE): No use of Base64, zero-width characters, or other encoding techniques to hide malicious intent.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external packages are referenced, and no remote script execution patterns (like curl-to-bash) are present.
- [Privilege Escalation] (SAFE): No commands involving sudo, chmod, or system-level configuration changes.
- [Persistence Mechanisms] (SAFE): No attempts to modify startup scripts, cron jobs, or registry keys.
- [Metadata Poisoning] (SAFE): All metadata fields are consistent with the skill's stated purpose of creative exploration.
- [Indirect Prompt Injection] (SAFE): While the skill processes user-defined subjects, it lacks any dangerous capabilities (e.g., shell access, file writes) that could be leveraged by an attacker via processed data.
- [Time-Delayed / Conditional Attacks] (SAFE): No logic exists that triggers behavior based on time, environment variables, or other conditions.
- [Dynamic Execution] (SAFE): The skill is entirely static Markdown; it does not use eval, exec, or generate code at runtime.
Audit Metadata