skill-eval
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The project configuration files (package.json, requirements.txt, go.mod) reference standard and well-known industry libraries such as FastAPI, Pydantic, Gin, and TypeScript. No untrusted third-party dependencies or remote script downloads (e.g., curl | bash) are present.
- [CREDENTIALS_UNSAFE] (SAFE): Example environment files (.env.example) use standard placeholders like 'your-api-key-here' and reference local development database URLs. No hardcoded secrets or sensitive credentials were found.
- [DATA_EXFILTRATION] (SAFE): Code patterns across the project involve standard local logic for API routing and data modeling. No network operations targeting non-whitelisted domains or attempts to read sensitive files (like SSH keys) were identified.
- [PROMPT_INJECTION] (SAFE): Markdown documentation and code comments contain instructional text describing software behavior and test cases. There are no attempts to manipulate agent behavior or bypass safety guardrails.
- [COMMAND_EXECUTION] (SAFE): README files provide routine development instructions (e.g., 'npm install', 'uvicorn app.main:app'). These are passive documentation and do not involve the skill executing arbitrary commands autonomously.
Audit Metadata