_skillwriting
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): The instructions use terminology like 'CRITICAL' and 'IMPORTANT' to emphasize structural and formatting requirements for skill recognition, but do not attempt to bypass agent safety filters, override system instructions, or extract system prompts.
- [DATA_EXFILTRATION] (SAFE): No sensitive file paths (e.g., credentials, SSH keys) are accessed. No network operations such as curl, wget, or fetch are present.
- [REMOTE_CODE_EXECUTION] (SAFE): The skill does not download or execute remote scripts. It mentions that local scripts in the scripts/ folder are accessible, which is a documented feature of the target platform and not an inherent vulnerability.
- [COMMAND_EXECUTION] (SAFE): There are no arbitrary command execution patterns or dangerous shell commands identified.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys, tokens, or other secrets were found in the skill metadata or body.
Audit Metadata