security-compliance
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE] (SAFE): The skill consists of instructional markdown documentation. It contains no executable code, scripts, or binary files.
- [NO_CODE] (SAFE): The absence of code within the skill prevents the execution of malicious commands or unauthorized network operations.
- [PROMPT_INJECTION] (SAFE): The skill handles untrusted external data (e.g., CodeQL and Dependabot findings), which is a surface for indirect prompt injection. However, the lack of tool capabilities within the skill mitigates this risk. Ingestion points: CodeQL/Dependabot alerts; Boundary markers: absent; Capability inventory: none; Sanitization: absent.
Audit Metadata