skill-integration-tester
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates exclusively on local files within the project repository to perform static validation of workflow metadata and structure.
- [PROMPT_INJECTION]: No patterns indicative of prompt injection, such as instructions to override system prompts or bypass safety filters, were found in the skill code or documentation.
- [EXTERNAL_DOWNLOADS]: The skill does not perform network requests, download remote scripts, or install external dependencies; it relies solely on the Python standard library.
- [COMMAND_EXECUTION]: There is no evidence of subprocess spawning, shell command execution, or dynamic code evaluation (e.g., eval, exec) in the provided scripts.
- [DATA_EXFILTRATION]: No sensitive user files are accessed and no data is transmitted to remote servers; operations are strictly limited to local project configuration and report generation.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials or secrets were detected. References to API keys in the contract definitions are metadata markers used to identify expected environment variables in other skills, not actual sensitive values.
Audit Metadata