regulatory-affairs-head
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): Analysis of the skill metadata and documentation found no evidence of prompt injection, obfuscation, or malicious instructions. All content aligns with the stated purpose of regulatory affairs management.
- [Data Exposure & Exfiltration] (SAFE): The regulatory_tracker.py script manages data in a local JSON file (regulatory_submissions.json). No network operations (curl, requests) or access to sensitive system paths (e.g., SSH keys, credentials) were detected.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The Python script uses only standard libraries (json, datetime, typing, dataclasses, enum). There are no external package requirements or patterns suggesting remote code execution.
- [Indirect Prompt Injection] (LOW): The skill possesses a data ingestion surface via the JSON tracking system. However, it lacks high-risk capabilities—such as command execution, dynamic evaluation, or network requests—that would be necessary to exploit instructions embedded in the ingested data.
- [Dynamic Execution] (SAFE): No use of eval(), exec(), or unsafe deserialization (like pickle) was found. The script uses the safe json.load() method for data persistence.
Audit Metadata