audit-context-building
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of instructional markdown and YAML frontmatter. It defines a rigorous methodology for code analysis, including 'First Principles', '5 Whys', and '5 Hows' at a micro scale. These instructions are designed to enhance the accuracy of code auditing rather than to compromise system security.
- [PROMPT_INJECTION]: While the skill contains instructions that govern 'how the agent thinks', these are legitimate operational guidelines for a specific task (context building for audits). There are no attempts to bypass safety filters, extract sensitive system prompts, or override platform constraints.
- [DATA_EXFILTRATION]: The skill does not contain any network-facing commands (e.g., curl, wget) or patterns that suggest sending data to external servers. It operates on code provided within the agent's context.
- [COMMAND_EXECUTION]: No shell commands, subprocess calls, or executable scripts are included or generated by this skill. It mentions a subagent 'function-analyzer', which is a platform-level delegation for task specialization and does not constitute an arbitrary command execution risk.
- [EXTERNAL_DOWNLOADS]: The skill references other markdown documentation files for examples and checklists, but it does not perform any external downloads from the internet or unverifiable remote sources.
Audit Metadata