skill-smith
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No evidence of jailbreak attempts, safety bypasses, or instructions to ignore previous rules. The skill uses 'Iron Laws' and 'Workflow' constraints to maintain its own operational logic, which is benign behavior.
- [DATA_EXFILTRATION]: No sensitive file access or unauthorized network operations were detected. The skill only processes user-provided requirements for the purpose of skill creation.
- [REMOTE_CODE_EXECUTION]: There are no patterns suggesting the download or execution of remote scripts or binaries. Installation instructions in the README are for the platform's CLI tool and target the author's own repository.
- [COMMAND_EXECUTION]: The skill does not invoke dangerous shell commands, attempt privilege escalation, or implement persistence mechanisms.
- [OBFUSCATION]: All analyzed files contain clear, plain-text markdown and YAML. No encoded strings, hidden characters, or homoglyph substitutions were found.
- [INDIRECT_PROMPT_INJECTION]: The skill's architecture for processing user input (Step 1) lacks exploitable capabilities like file-system writes or network access, making it resilient to indirect injection attacks.
Audit Metadata