quality-gate
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains no instructions designed to override agent behavior, bypass safety filters, or leak system prompts.
- [Data Exposure] (SAFE): No hardcoded credentials, API keys, or access patterns to sensitive local files (like SSH keys or AWS config) were found.
- [Indirect Prompt Injection] (SAFE): The skill is designed to process untrusted data such as PR diffs and issue descriptions, which is a known attack surface; however, the skill itself provides a structured, evidence-based workflow and does not contain malicious logic. Ingestion points: PR diffs and requirements links. Capability inventory: Calls specialized review skills for auditing. Sanitization: Not explicitly defined.
- [Remote Code Execution] (SAFE): No remote scripts are downloaded or executed. The reference to 'ubs-scanner' and other skills points to internal orchestration rather than external untrusted execution.
- [Obfuscation] (SAFE): No encoded strings, homoglyphs, or zero-width characters were detected.
Audit Metadata