security-bluebook-builder
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to guide the user through a series of questions to generate a security 'Blue Book' document. It does not perform any network operations, file system modifications (beyond reading its own template), or command executions.
- [DATA_EXPOSURE]: The workflow includes a specific guardrail (Step 3) instructing the agent not to include secrets, tokens, or internal credentials in the generated output, which aligns with security best practices.
- [INDIRECT_PROMPT_INJECTION]: While the skill ingests user-provided information about application architecture and data handling, it lacks any executable capabilities or tools that could be abused. The risk of the agent being manipulated through these inputs is minimal and limited to the quality of the generated text.
- [EXTERNAL_DOWNLOADS]: The skill only references an internal template file (
references/bluebook_template.md) and does not attempt to fetch content from any external URLs.
Audit Metadata