powershell-expert
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill files consist of extensive documentation, best practices, and templates for secure PowerShell automation.
- [DATA_EXFILTRATION]: The skill actively promotes secure credential handling. It includes 'Iron Laws' against hardcoding secrets and provides detailed instructions for using the Microsoft.PowerShell.SecretManagement module to retrieve credentials from secure vaults.
- [REMOTE_CODE_EXECUTION]: The skill documentation explicitly warns against the use of Invoke-Expression (IEX) with untrusted input to prevent code injection. No malicious remote code execution patterns were found in the scripts or documentation.
- [EXTERNAL_DOWNLOADS]: References to external resources are limited to trusted or well-known services, including the official PowerShell Gallery (PSGallery), Microsoft/Azure documentation, and GitHub repositories for standard tools like Pester and PSScriptAnalyzer.
- [COMMAND_EXECUTION]: Command execution patterns described (such as Start-Process or CIM instances) are standard administrative tasks. The skill provides guidance on input validation using attributes like ValidatePattern and ValidateSet to ensure these commands are executed safely.
- [PROMPT_INJECTION]: The instructions do not contain attempts to bypass AI safety guidelines or override system prompts.
Audit Metadata