signup-flow-cro
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
NO_CODE
Full Analysis
- [Prompt Injection] (SAFE): The skill uses standard role-play instructions to establish expertise without any bypass markers or attempts to override system safety protocols.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or network operations are present. The content discusses data collection concepts in a UI/UX context but does not perform any data handling.
- [Obfuscation] (SAFE): No Base64, zero-width characters, or other encoding techniques are used to hide content.
- [Unverifiable Dependencies & RCE] (SAFE): The skill does not reference or install any external packages (Python/Node.js) or execute remote scripts.
- [Privilege Escalation] (SAFE): There are no commands related to permission changes or administrative access.
- [Persistence Mechanisms] (SAFE): No scripts or commands designed to maintain access to a system are included.
- [Metadata Poisoning] (SAFE): The metadata fields (name, description) accurately reflect the content and purpose of the skill without deceptive instructions.
- [Indirect Prompt Injection] (SAFE): While the skill is designed to analyze signup flow descriptions provided by a user, it possesses no exploitable capabilities such as file writing, network access, or command execution.
- [Time-Delayed / Conditional Attacks] (SAFE): No logic exists that would trigger behavior based on time, date, or specific environmental variables.
- [Dynamic Execution] (SAFE): The skill is entirely composed of Markdown text and does not generate or execute any dynamic code.
Audit Metadata