user-onboarding
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- Prompt Injection (SAFE): The skill follows a standard instructional format. No attempts to bypass safety filters, extract system prompts, or override agent behavior were detected.
- Data Exposure & Exfiltration (SAFE): No hardcoded secrets or sensitive file paths are present. The skill includes specific instructions in SKILL.md and INTAKE.md to not request or provide PII or secrets.
- Remote Code Execution (SAFE): There are no commands or scripts for downloading or executing remote content.
- Command Execution (SAFE): The skill contains no shell commands, subprocess calls, or system-level operations.
- Indirect Prompt Injection (SAFE): While the skill ingests user-provided product data, it lacks the technical capabilities (file writing, API calls, or code execution) required to turn an injection into a functional exploit.
- Obfuscation (SAFE): No encoded content, zero-width characters, or homoglyphs were detected across any of the 9 files.
Audit Metadata