building-team-culture
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Prompt Injection] (SAFE): Analysis of SKILL.md and related reference files shows no attempts to bypass safety filters, extract system prompts, or override agent behavior. The instructions use standard natural language for task guidance.
- [Data Exposure & Exfiltration] (SAFE): The skill demonstrates security best practices by explicitly instructing the agent to avoid requesting secrets or PII in SKILL.md and references/INTAKE.md. No patterns for sensitive file access or unauthorized network requests were found.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No package managers or remote script execution patterns are present. The skill is entirely composed of Markdown and JSON metadata.
- [Indirect Prompt Injection] (LOW): The skill is designed to process user-provided artifacts and symptoms. While this creates a theoretical surface for indirect injection (Ingestion: user artifacts in SKILL.md; Boundaries: absent; Capabilities: prompt-only; Sanitization: PII/anonymization instructions in SKILL.md), the skill lacks the capabilities necessary to weaponize such an attack.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyphs were detected across the 9 files.
- [Privilege Escalation & Persistence] (SAFE): There are no commands related to acquiring system privileges or maintaining unauthorized access.
Audit Metadata