formula-derivation
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill correctly limits its scope to local project files and standard mathematical derivation tasks.
- [PROMPT_INJECTION]: While an indirect prompt injection surface is theoretically present due to reading local notes, it is a byproduct of the primary intended functionality and common for RAG-based tools.
  1. Ingestion points: Step 1 uses Read, Grep, and Glob to process local notes and user-specified files.
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the read files are defined.
  3. Capability inventory: The skill possesses local Read, Write, and Edit tools but lacks network access or high-privilege commands.
  4. Sanitization: The instructions do not specify validation of the content retrieved from external files before processing.