ip-monetization-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file access patterns were detected. A local file path is mentioned in a version log, but it is a descriptive string for documentation purposes, not an executable command.
- [Remote Code Execution] (SAFE): No package installations, remote script downloads, or dynamic execution patterns (eval/exec) were identified. The files are purely instructional text.
- [Prompt Injection] (SAFE): While the skill includes "interception logic" (拦截话术) designed to steer user behavior and enforce a specific methodology, these are persona-based instructions for the AI agent rather than attempts to bypass system safety filters or extract system prompts.
- [Indirect Prompt Injection] (LOW): The skill processes user-supplied business and career data to generate advice.
- Ingestion points: User-provided chat input regarding career, time, and goals.
- Boundary markers: None explicitly defined in the provided reference files.
- Capability inventory: No file-system, network, or subprocess capabilities are present in the provided files.
- Sanitization: Not present; however, given the lack of executable capabilities, the surface is not exploitable.
Audit Metadata