compliance-policy-check

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill reads configuration and rule files from the .claude/ directory and records findings to memory files within the same project context. This is expected behavior for policy enforcement and does not involve accessing sensitive system credentials such as SSH keys, environment secrets, or AWS configurations.
  • [COMMAND_EXECUTION]: The provided Node.js scripts and hooks are boilerplate templates generated by a scaffolding tool. They contain only basic argument parsing and logging logic with no dangerous system calls or execution of arbitrary shell commands.
  • [PROMPT_INJECTION]: The instructions in SKILL.md define a strict workflow for policy evaluation and do not contain patterns designed to bypass safety filters, extract system prompts, or override agent constraints.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from local rule files (.claude/rules/). While this represents a surface for indirect instructions, the skill lacks the high-privilege capabilities (like network access or arbitrary code execution) necessary to facilitate a high-impact injection attack.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 04:12 AM