shader-programming
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to bypass safety filters or override system prompts were found. The 'Identity' section focuses exclusively on domain-specific expertise.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network operations were identified. The skill operates entirely on provided code snippets.
- Obfuscation (SAFE): All content is provided in plain-text markdown and YAML. No Base64, zero-width characters, or other encoding techniques were used to hide instructions.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not define external package dependencies or use remote execution patterns like curl-to-bash.
- Privilege Escalation & Persistence (SAFE): There are no commands related to system permissions, sudo, or maintaining access across sessions.
- Metadata Poisoning (SAFE): The metadata fields (name, description, tags) accurately reflect the skill's purpose without deceptive instructions.
- Indirect Prompt Injection (SAFE): While the skill is designed to process user-provided shader code (untrusted data), it lacks dangerous capabilities such as file-system writes, network access, or shell execution, neutralizing the attack surface.
- Dynamic Execution (SAFE): The validation patterns are static regular expressions used for identifying performance issues in shader source code; no runtime code generation or unsafe deserialization occurs.
Audit Metadata