moat-building
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No security issues were identified in the skill instructions or reference files. The skill operates as a static analyzer for business strategy.
- [Indirect Prompt Injection] (SAFE): The skill identifies a vulnerability surface by ingesting and analyzing untrusted user source code (specified in `references/validations.md`). However, this is classified as SAFE because the skill's actions are restricted to providing textual recommendations and it lacks high-risk capabilities like network access or command execution.
  - Ingestion points: User source code files matching various patterns such as `**/*.tsx`, `**/*.ts`, and `**/App.tsx`.
  - Boundary markers: Not explicitly defined in the provided instruction set.
  - Capability inventory: Static regex analysis and generation of strategic advice; no file-writing, network-sending, or execution capabilities were found.
  - Sanitization: No specific sanitization or escaping of the analyzed content is performed.
- [No Code] (SAFE): The skill does not include any executable scripts (Python, JavaScript, Bash, etc.) or external dependencies, significantly reducing the attack surface.