artifact-integrity-forge
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE] (SAFE): The script reads files from a user-specified directory to calculate SHA-256 hashes. It does not access sensitive system directories, environment variables, or hardcoded credentials.
- [COMMAND_EXECUTION] (SAFE): There are no instances of
os.system,subprocess, or other shell execution commands. All operations are handled via standard Python library functions for file I/O. - [REMOTE_CODE_EXECUTION] (SAFE): The skill does not download external content or execute code from untrusted sources. It uses
json.loadfor manifest parsing, which is safe against deserialization attacks. - [PROMPT_INJECTION] (SAFE): The
SKILL.mdfile contains standard instructional language and does not attempt to override agent safety filters or system prompts. - [INDIRECT_PROMPT_INJECTION] (SAFE): While the script processes external files in a directory, it treats them as opaque binary data for hashing purposes and does not interpret or execute their content as instructions.
Audit Metadata