fundamentals
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (SAFE): No direct attempts to override agent instructions or bypass safety filters were found in the skill content.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or unauthorized data transmission patterns were detected.
- Obfuscation (SAFE): The content is clear and uses no encoding or hidden characters.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill uses standard local scripts without external dependencies or remote execution.
- Indirect Prompt Injection (LOW): The `validate-fundamentals.js` utility processes external JavaScript files and echoes found code snippets to the console, which represents an indirect injection surface.
  - Ingestion points: `validate-fundamentals.js` reads code from local files provided as arguments in the `validateFile` function.
  - Boundary markers: Absent; the script does not wrap output in security delimiters or provide warnings to the agent.
  - Capability inventory: The script has `fs.readFileSync` (file read) and `console.log` (output to agent) capabilities.
  - Sanitization: None; the script displays regex-matched strings from the input file directly without escaping or filtering.
Audit Metadata