threat-modeling-expert
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
NO_CODE
Full Analysis
- [Remote Code Execution] (SAFE): The skill contains no executable scripts, shell commands, or external package dependencies.
- [Prompt Injection] (SAFE): The instructions are strictly limited to threat modeling methodology. There are no attempts to override system prompts, bypass safety filters, or extract underlying instructions.
- [Data Exposure & Exfiltration] (SAFE): No file system access or network communication capabilities are defined or requested.
- [Indirect Prompt Injection] (LOW): The skill is designed to process untrusted data (system architectures and data flow diagrams). While it lacks explicit boundary markers, it also lacks any write or execute capabilities, meaning a malicious architecture description can only influence the generated report text without further technical impact.
- [Persistence & Privilege Escalation] (SAFE): No mechanisms for maintaining access or acquiring elevated permissions are present.