vuln-assessment
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The instructions define clear workflows for retrieving security audit information and do not contain any instructions to bypass safety filters or ignore previous rules.
- Data Exposure & Exfiltration (SAFE): No sensitive file paths, hardcoded credentials, or network exfiltration patterns were detected. The skill only references internal documentation files provided within the skill package.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not perform any external package installations or remote script executions. It is a purely information-retrieval-based skill.
- Command Execution (SAFE): While the skill provides examples of commands for the user to run (e.g., 'cat /etc/ssh/sshd_config'), these are presented as instructional text for the user to perform on their own systems as part of an audit and are not executed by the agent itself.
- Indirect Prompt Injection (SAFE): The skill reads from local static markdown files. While it processes user keywords for searching, it does not ingest untrusted data from external URLs or APIs that could manipulate the agent's behavior.
Audit Metadata