constitution-validator-agent
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns, prompt injections, or unauthorized data access were detected. The skill is designed as a defensive layer for a trading system.
- [DATA_EXFILTRATION] (SAFE): While the skill mentions Telegram notifications for critical alerts, no credentials, API keys, or exfiltration logic are present. The network interaction is consistent with the stated purpose of alerting a human operator.
- [COMMAND_EXECUTION] (SAFE): The skill includes a
SystemFreezeexception and integrity verification logic. These are defensive security features intended to halt the system if core configuration files are modified, rather than malicious command execution. - [INDIRECT_PROMPT_INJECTION] (LOW): The agent processes external 'proposals' and 'context' data. Although this is an ingestion surface for untrusted data, the agent's primary purpose is to act as a validator that strictly enforces a fixed 'Constitution,' effectively mitigating injection risks by rejecting non-compliant inputs.
Audit Metadata