accept-no-substitutes
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes local scripts (detect.py, validate.sh) to perform its validation logic. These scripts are self-contained and do not perform any dangerous system operations.
- [EXTERNAL_DOWNLOADS] (SAFE): No external dependencies are downloaded at runtime. The skill relies on standard tools like python3, grep, and optionally tree-sitter if present on the system.
- [DATA_EXFILTRATION] (SAFE): There are no network operations or attempts to access sensitive system files (e.g., SSH keys, credentials). Data processing is limited to scanning the agent's own output.
- [PROMPT_INJECTION] (SAFE): The skill instructions are focused on enforcement and quality control. There are no attempts to bypass safety filters or override system prompts.
- [DYNAMIC_EXECUTION] (SAFE): While validate.sh uses a short Python one-liner for a compression test, the code is statically defined and does not incorporate untrusted input in an executable way.
Audit Metadata