spec-to-code-compliance
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a specialized auditing workflow for blockchain security and does not contain any malicious code, hidden instructions, or suspicious network activities.
- [PROMPT_INJECTION]: The instructions include robust 'Global Rules' and 'Anti-Hallucination Requirements' that prevent the model from inferring unspecified behavior or relying on prior knowledge. This serves as a strong defense against instruction-override attempts.
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data from external sources, which is an inherent surface for indirect prompt injection. However, the methodology mitigates this risk by requiring a mandatory evidence chain and structured Intermediate Representations (IR).
  - Ingestion points: Processes various external file formats including whitepapers (PDF, MD, DOCX), codebase files, and design notes (SKILL.md).
  - Boundary markers: Utilizes strict separation of phases (extraction, alignment, classification) and requires exact citations for all claims.
  - Capability inventory: Performs semantic analysis and structured report generation; it does not involve subprocess execution, code evaluation, or network transmissions.
  - Sanitization: Enforces 'Literal, pedantic, and exhaustive' reasoning standards to ensure that only documented or implemented behaviors are reflected in the final audit report.
Audit Metadata