behavioral-modes
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): While the skill uses strong directives such as 'CRITICAL' and 'IMPORTANT', these are used to define internal quality standards (e.g., 'Use clean-code skill standards') rather than attempting to override the agent's core safety instructions or bypass filters.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file paths were detected. The skill uses read-only tools (Read, Glob, Grep) and lacks any network capabilities (e.g., curl, fetch) to exfiltrate data.
- [Indirect Prompt Injection] (LOW):
  - Ingestion points: The skill utilizes Read, Glob, and Grep to ingest untrusted file content into the agent's context.
  - Boundary markers: Absent. There are no explicit delimiters or instructions to ignore embedded commands in the data being read.
  - Capability inventory: The skill is restricted to file reading tools; it does not authorize subprocess execution, file-writing, or network operations.
  - Sanitization: Absent. Content from the filesystem is processed directly into the agent's reasoning loop.
- [No Code] (SAFE): The skill is entirely composed of markdown instructions and does not include any accompanying scripts, binaries, or configuration files that could execute code.