sox-compliance
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill is entirely composed of markdown files and regex definitions for compliance auditing. No executable scripts, binaries, or configuration files were detected.\n- [NO_CODE] (SAFE): All analyzed files are purely informational. There are no Python scripts, Node.js files, or shell scripts that could execute commands on the host system.\n- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to analyze user-provided source code for compliance issues. While this exposes the agent to untrusted data, the skill possesses no dangerous capabilities such as network access or file system modification that could be leveraged by an attacker.\n
- Ingestion points: Source code files with extensions .ts, .js, .py, .sh, and .sql as defined in references/validations.md.\n
- Boundary markers: None identified in the skill instructions.\n
- Capability inventory: None; the skill lacks any subprocess, network, or file-write operations.\n
- Sanitization: Not applicable as the skill performs pattern matching for auditing purposes only.
Audit Metadata