attack-tree-construction

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security threats were detected in this skill. The skill provides static templates and instructions for security professionals to model attack scenarios.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: No network operations, file system access to sensitive paths, or hardcoded credentials were found. All data processing is local and focused on user-provided modeling data.
  • [REMOTE_CODE_EXECUTION]: The skill does not perform any remote code execution or download external scripts. The Python code provided in the resources file consists of static data model templates using standard libraries (dataclasses, enum, json).
  • [PROMPT_INJECTION]: Instructions are focused on the stated purpose of attack tree construction and do not contain patterns typical of prompt injection or safety bypass attempts.
  • [INDIRECT_PROMPT_INJECTION]:
    • Ingestion points: The skill processes user-defined attack goals and scenario descriptions to build the tree structure in resources/implementation-playbook.md.
    • Boundary markers: Not explicitly defined in the templates, as they are meant for data structuring.
    • Capability inventory: The skill includes Python logic for calculating path metrics and exporting to JSON/Mermaid/PlantUML formats. No subprocess calls or network operations are present.
    • Sanitization: Standard Python typing and enum validation are used in the templates to enforce structure.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 09:02 AM