soc2-prep
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions are purely informational and do not include any executable scripts, command line operations, or network requests.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the 'startup-context' file to perform its analysis, which represents a surface for indirect prompt injection. However, the skill lacks any dangerous capabilities (such as subprocess execution or file writing) that could be leveraged for an exploit.
- Ingestion points: Data is read from 'startup-context' as specified in the skill metadata.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt.
- Capability inventory: The skill is limited to text generation; no system-level or network capabilities are defined.
- Sanitization: No input sanitization or validation logic is implemented.
Audit Metadata