open-source-license
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill identifies a potential surface for indirect prompt injection as it is designed to analyze user-provided project files (e.g., LICENSE, README) for compliance review. However, the risk is negligible because the agent's workflow is purely informational and it lacks high-risk capabilities like network access or system command execution. Ingestion points: Compliance workflow in SKILL.md. Boundary markers/Sanitization: None.
- Obfuscation (SAFE): Analysis of all 9 markdown files confirms the absence of Base64 encoding, zero-width characters, homoglyphs, or other obfuscation techniques.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials (API keys, tokens), sensitive file path access (SSH, AWS credentials), or unauthorized network operations were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not define or install external dependencies and contains no remote script execution patterns (e.g., curl|bash). It provides only informational examples of common development tools for manual user use.
Audit Metadata