netsuite-suitescript-upgrade
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate development tool provided for the NetSuite platform. It operates on a transformation-based logic using static reference data.
- [PROMPT_INJECTION]: No evidence of prompt injection or behavior override instructions was found in the skill instructions or reference materials.
- [DATA_EXFILTRATION]: There are no hardcoded credentials, sensitive file path accesses, or suspicious network operations. References to NetSuite's internal modules (e.g., N/http, N/https) are contextually appropriate for the platform's functionality.
- [REMOTE_CODE_EXECUTION]: The skill does not perform any remote code execution, nor does it download or install external dependencies or packages at runtime.
- [OBFUSCATION]: No obfuscated content, multi-layer encoding, or hidden characters were detected in any of the skill files.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes user-supplied scripts (ingestion point), it includes a 'SafeWords' section that explicitly instructs the agent to treat retrieved content as untrusted and ignore embedded instructions, which is a significant security best practice for this type of tool.
Audit Metadata