ask-questions-if-underspecified
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No override markers, bypass attempts, or malicious role-play instructions were detected. The skill is purely instructional.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive file paths, environment variables, or perform any network operations other than referencing a documentation link.
- [Remote Code Execution] (SAFE): There are no package installations, script downloads, or dynamic execution patterns present in the file.
- [Indirect Prompt Injection] (LOW): The skill identifies a surface for indirect prompt injection (user requests), but mitigates risk by instructing the agent to pause and clarify requirements before executing any commands or editing files.
- [Privilege Escalation] (SAFE): No administrative or elevated privilege commands are used.
Audit Metadata