gsc-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- No Code (SAFE): The skill consists entirely of natural language instructions and markdown templates. It does not include any Python scripts, Node.js code, or shell commands that could be used for malicious execution.
- Indirect Prompt Injection (SAFE): The skill is designed to ingest data from external files (
gsc-export.csv,sitemap.xml). While this constitutes an attack surface, the risk is negligible because the skill's logic is restricted to formatting data into markdown tables. - Ingestion points: Local
gsc-export.csvandsitemap.xmlfiles. - Boundary markers: None explicitly defined, relying on the agent's default processing of structured data.
- Capability inventory: The skill only performs text transformation and file updates; no network or system-level capabilities are invoked.
- Sanitization: No specific sanitization logic is provided, which is acceptable given the low-privilege markdown generation context.
Audit Metadata