geo-fundamentals
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill performs local file analysis using standard Python libraries (pathlib, re, sys, json) and does not engage in any suspicious activities.
- [DATA_EXPOSURE] (SAFE): While the script reads project files, it is restricted to the local file system and does not make any network calls to exfiltrate data.
- [COMMAND_EXECUTION] (SAFE): The script executes locally to process files but does not spawn dangerous subprocesses or utilize shell injection points. It adheres to the allowed-tools list (Read, Glob, Grep).
- [INDIRECT_PROMPT_INJECTION] (LOW): The script ingests untrusted content from web pages for analysis. While it uses regex for pattern matching rather than interpreting content, a theoretical surface for indirect prompt injection exists if the agent subsequently processes malicious instructions found in the audited files.
  1. Ingestion points: scripts/geo_checker.py reads project files via Path.read_text.
  2. Boundary markers: Absent; the script processes raw file content.
  3. Capability inventory: Limited to Read, Glob, and Grep tools.
  4. Sanitization: None; the script performs regex-based analysis on raw text.
Audit Metadata