js-google
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues were detected. The skill consists entirely of Markdown-based coding rules, templates, and metadata.
- PROMPT_INJECTION (SAFE): No instructions attempting to bypass safety filters, extract system prompts, or override agent constraints were found. The instructional content is strictly limited to technical coding best practices.
- DATA_EXFILTRATION (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network operations were identified. Code snippets provided in the 'references' directory use benign placeholder values and documentation URLs.
- REMOTE_CODE_EXECUTION (SAFE): The skill does not perform remote downloads or execute arbitrary code. It explicitly contains a high-priority security rule (
lang-no-eval.md) that instructs the agent to never useeval()or theFunctionconstructor in generated code. - DYNAMIC_EXECUTION (SAFE): No dynamic code generation or runtime compilation patterns were detected. All content is static text designed for model consumption.
Audit Metadata