nginx-c-module-perf-reliability
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to override system prompts or bypass safety filters. The language is strictly instructional and technical.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file paths (e.g., SSH keys, credentials) or network exfiltration patterns were detected. The file operations shown are standard Nginx C module API calls for serving content and logging.
- [Obfuscation] (SAFE): No Base64, zero-width characters, homoglyphs, or encoded strings were found in the markdown or code snippets.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No package installations (npm, pip) or remote script downloads (curl | bash) are present. All references are to legitimate documentation and source code repositories.
- [Privilege Escalation] (SAFE): No instances of sudo, chmod 777, or other privilege escalation techniques were identified.
- [Persistence Mechanisms] (SAFE): No attempts to modify shell profiles, cron jobs, or system services were detected.
- [Metadata Poisoning] (SAFE): Metadata in
SKILL.mdandmetadata.jsonis descriptive and consistent with the provided content. - [Indirect Prompt Injection] (SAFE): While the skill provides templates for generating C code, it does not include instructions that would encourage the agent to process untrusted data in an unsafe manner or ignore delimiters.
- [Time-Delayed / Conditional Attacks] (SAFE): No conditional logic exists that triggers malicious behavior based on dates, times, or specific environments.
- [Dynamic Execution] (SAFE): The skill provides static C code examples. No use of eval(), unsafe deserialization, or runtime code generation from untrusted sources was found.
Audit Metadata