a-b-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill analyzes user-provided content (Markdown, Python, JS, TSX) using regex-based validation rules. Ingestion points: User input files. Boundary markers: Absent in instructions. Capability inventory: No subprocess, file system modification, or network operations found. Sanitization: Absent.
- [No Code] (SAFE): The skill contains only documentation and regex-based configuration rules; no executable scripts or binaries are included.
- [External Downloads] (SAFE): No package managers or remote code execution patterns were detected.
- [Data Exposure] (SAFE): No hardcoded credentials or access to sensitive local file paths were found.
- [Metadata Poisoning] (SAFE): The skill instructions reference a missing file 'references/sharp_edges.md', which is a best-practice violation rather than a security risk.
Audit Metadata