sounds-on-the-web
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains only functional instructions for code auditing. There are no attempts to override agent behavior, bypass safety filters, or extract system prompts.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file paths, hardcoded credentials, or network operations (curl, wget, etc.) are present in the skill.
- [Remote Code Execution & Dependencies] (SAFE): No external package installations (npm, pip) or remote script executions are defined. The code snippets provided are illustrative examples for the LLM to use during its audit.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest untrusted source code for auditing. While this creates a surface for indirect prompt injection via malicious comments in the audited files, the skill lacks the capabilities (like file writing or network access) to perform a successful exploit. Furthermore, no boundary markers are defined for the input, which is a standard best practice violation but not a direct threat here.
Audit Metadata