taste-and-craft
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): The instructions are focused on guiding the agent's behavior for domain-specific analysis. There are no patterns suggesting attempts to bypass safety filters or override system constraints.
- [Data Exposure & Exfiltration] (SAFE): No file system access, network requests, or hardcoded credentials were detected. The skill operates entirely within the provided context.
- [Obfuscation] (SAFE): All content is in plain text. No Base64, zero-width characters, or other encoding techniques were found.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not include any scripts (Python, Node.js, etc.) or external package requirements. There are no remote download or execution patterns.
- [Privilege Escalation] (SAFE): No commands related to administrative access or system-level modification are present.
- [Persistence Mechanisms] (SAFE): No attempts to modify shell profiles, cron jobs, or startup services were detected.
- [Indirect Prompt Injection] (INFO): The skill is designed to process untrusted user data (specifically code files like *.ts, *.js, *.css). While this constitutes an attack surface, the skill's capabilities are limited to providing descriptive feedback (display-only), presenting negligible risk of side effects or exfiltration.
- [Dynamic Execution] (SAFE): The skill uses static regex patterns for validation and does not employ any dynamic code generation or unsafe deserialization.