compliance-testing
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted code and metadata during compliance evaluation, creating an entry point for indirect prompt injection. * Ingestion points: Test fixtures in
evals/compliance-testing.yaml. * Boundary markers: Not identified. * Capability inventory: Usesjq,node,python3, and database commands. * Sanitization: No explicit filtering documented. - [EXTERNAL_DOWNLOADS]: The skill requires standard system tools like
jq,node, andpython3for its evaluation environment. - [COMMAND_EXECUTION]: The skill performs database queries and API operations to validate regulatory controls such as encryption and data deletion.
Audit Metadata