ai-tool-assessment
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface by ingesting external data without explicit sanitization or boundary markers.
  - Ingestion points: Processes data from `docs/AI_development_tools.md` and interactive user answers to usage questions.
  - Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands within the processed documentation.
  - Capability inventory: Performs local file reads and writes reports to the `reports/` directory. No subprocess execution or network operations are present in the provided scripts.
  - Sanitization: None detected; the agent directly interpolates external input into the final markdown report template.
- [DATA_EXPOSURE] (SAFE): The skill reads subscription information from local documentation. While this involves financial costs, there are no network exfiltration patterns or hardcoded credentials detected.
- [COMMAND_EXECUTION] (SAFE): Bash examples provided (`cat`, `ls`) are standard utility commands for local file management and do not involve privilege escalation or dangerous execution of untrusted strings.