ai-product
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions or bypass attempts. The skill explicitly defines 'Prompt Injection Ignorance' as an anti-pattern and provides guidance on how to avoid it.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive paths found. The skill contains a security rule (hardcoded-api-key) designed to flag OpenAI and Anthropic keys in code being reviewed.
- [Obfuscation] (SAFE): All content is presented in cleartext; no Base64, zero-width characters, or homoglyphs detected.
- [Remote Code Execution] (SAFE): No dangerous download-and-execute patterns. The reference files provide safe coding examples using verified libraries like Zod and OpenAI.
- [Indirect Prompt Injection] (SAFE): The skill acts as a static analysis tool for code. While it analyzes untrusted input, it lacks the necessary capabilities (network, disk-write, or shell access) to be exploited via data poisoning.
- [Privilege Escalation] (SAFE): No commands related to permission changes or administrative access were identified.
Audit Metadata