sdk-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The instructions define a clear professional persona and do not contain directives to ignore safety filters or reveal system prompts.
- Data Exposure & Exfiltration (SAFE): No network or file-system operations are present. The skill proactively defines rules to prevent credential exposure in user-written code.
- Remote Code Execution (SAFE): The skill does not download, install, or execute external scripts or packages.
- Obfuscation (SAFE): All skill content and validation logic are provided in cleartext without encoding or hidden characters.
- Indirect Prompt Injection (SAFE): While the skill is designed to analyze external code, it lacks the exploitable capabilities (e.g., shell access or internet connectivity) necessary to carry out a secondary attack.
- Command Execution (SAFE): No shell commands or subprocess calls are defined in the skill logic.
- Dynamic Execution (SAFE): No runtime code generation or unsafe deserialization patterns were found.
Audit Metadata