stac-quickstart
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network requests were found in the skill definition.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references local scripts (scripts/check_environment.sh and scripts/validate_project_layout.py). No remote URLs or untrusted package installations were identified.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyph-based obfuscation techniques were detected.
- [Prompt Injection] (SAFE): The instructions do not contain any patterns aimed at bypassing AI safety filters or overriding system instructions.
- [Indirect Prompt Injection] (LOW): The skill ingests a user-provided project root path. While this is an entry point for untrusted data, the described functionality (environment and layout validation) is consistent with the skill's stated purpose and does not present a high-risk capability surface.
Audit Metadata