scpr-framework
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): The skill uses natural instructional language to define a communication framework. There are no patterns attempting to bypass safety filters or override system instructions.
- Data Exposure & Exfiltration (SAFE): No sensitive file paths, hardcoded credentials, or network communication commands (e.g., curl, wget) are present.
- Obfuscation (SAFE): No Base64, zero-width characters, or encoded content was detected. The text is plain markdown.
- External Downloads & Remote Code Execution (SAFE): No external package dependencies or remote script execution patterns were found.
- Indirect Prompt Injection (INFO): The skill processes user-provided business scenarios (untrusted data) to apply the SCPR framework. However, the skill has no 'write' or 'execute' capabilities (no subprocess calls, no network access, no file modification), making the risk of exploitation negligible.
- Privilege Escalation & Persistence (SAFE): No administrative commands (sudo) or system persistence mechanisms (cron, shell profiles) are included.
Audit Metadata