leiloeiro-avaliacao
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill and its accompanying files do not contain any malicious code, obfuscation, or unauthorized data exfiltration patterns. The instructions are purely domain-specific for real estate professionals.
- [PROMPT_INJECTION]: The skill directs the agent to perform market research on external real estate portals like ZAP Imóveis and Viva Real. This presents a theoretical surface for indirect prompt injection from third-party data, but the risk is assessed as low due to the focus on structured data extraction (prices, areas, etc.).
- [COMMAND_EXECUTION]: The SKILL.md documentation includes example commands for running local maintenance scripts (e.g., scan_registry.py). These are benign and intended for the local developer environment setup.
- [DATA_EXFILTRATION]: A hardcoded Windows file path is present in the documentation which includes a local username. While this reveals minor metadata about the author's environment, it does not constitute a security vulnerability in the context of the skill's operation.
Audit Metadata