community-engagement
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill is composed entirely of Markdown templates and instructional text. No executable scripts (Python, JavaScript, Bash, etc.) or configuration files for automated tools were detected.
- [DATA_EXPOSURE] (SAFE): There are no references to sensitive file paths, environment variables, or hardcoded credentials. The file paths mentioned (e.g., CONTRIBUTING.md, CHANGELOG.md) are standard documentation files for public repositories.
- [EXTERNAL_DOWNLOADS] (SAFE): No external package managers (pip, npm) or remote download commands (curl, wget) are present.
- [PROMPT_INJECTION] (SAFE): The instructions do not contain patterns typical of prompt injection or attempts to bypass safety filters. The role-play aspect is constrained to community management tasks.
- [INDIRECT_PROMPT_INJECTION] (INFO): While the skill involves processing external content (issue reports and PR descriptions), it provides static templates for responses and lacks any tool-calling capabilities to perform side-effect actions like merging code or deleting repositories, making the injection risk negligible.
Audit Metadata