clarify
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill uses phrases like 'CRITICAL' and 'IMPORTANT' for instructional emphasis on design principles, not to bypass agent safety filters or override core instructions. No 'ignore previous instructions' patterns detected.
- Data Exposure & Exfiltration (SAFE): There are no file system operations, hardcoded credentials, or network requests (curl, wget, etc.) present in the skill.
- Obfuscation (SAFE): The content is clear markdown. No Base64, zero-width characters, or encoded strings were found.
- Remote Code Execution & Dependencies (SAFE): The skill does not include any package manifest files (package.json, requirements.txt) or commands to download/execute external scripts.
- Privilege Escalation & Persistence (SAFE): No commands related to system permissions (sudo, chmod) or persistence (cron, bashrc) are included.
- Indirect Prompt Injection (SAFE): While the skill is designed to process user-provided UI copy, it defines no tools or executable capabilities. Consequently, there is no risk of the agent performing unauthorized actions based on malicious text input.