compliance-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempt to override safety filters or extract system prompts. The instructions explicitly reinforce grounding in provided documentation.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network operations are present.
- Obfuscation (SAFE): No encoded strings, homoglyphs, or hidden characters were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No external dependencies are declared, and no remote script execution patterns exist.
- Privilege Escalation (SAFE): No commands involving sudo or permission modification are present.
- Persistence Mechanisms (SAFE): No attempts to modify shell profiles or startup tasks.
- Metadata Poisoning (SAFE): The metadata is consistent with the skill's purpose.
- Indirect Prompt Injection (SAFE): While the skill is designed to help analyze user-provided policies, it lacks executable capabilities (like subprocess calls or file writing) that could be exploited via injection.
- Time-Delayed / Conditional Attacks (SAFE): No logic gates or date-based triggers detected.
- Dynamic Execution (SAFE): No use of eval, exec, or runtime compilation.
Audit Metadata