Healthsafety
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (SAFE): The skill is entirely composed of Markdown files outlining health and safety processes. There are no scripts (.py, .js, .sh), binaries, or configuration files that execute logic.
- [PROMPT_INJECTION] (LOW): Detected a potential surface for indirect prompt injection where the agent processes external data. 1. Ingestion points: User input fields for chemical safety data, incident descriptions, and witness statements within all four markdown files. 2. Boundary markers: The workflows use Markdown tables and headers to delineate input but lack explicit instructions to the AI agent to disregard instructions embedded within user-provided data. 3. Capability inventory: No executable capabilities, subprocess calls, file system modifications, or network access are present in the provided skill files. 4. Sanitization: No evidence of input sanitization, escaping, or validation of external content is defined in the prompt instructions.
Audit Metadata