reality-validation
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data, presenting an indirect prompt injection surface.
  - Ingestion points: Production data samples, historical transaction data, and user observations listed in SKILL.md.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are provided for the agent when processing this data.
  - Capability inventory: The skill utilizes subprocess execution through npm scripts and shell commands as described in SKILL.md and scripts/example.sh.
  - Sanitization: The instructions explicitly recommend the use of sanitized production data in SKILL.md.
- [DATA_EXFILTRATION]: The core functionality of the skill requires accessing and analyzing potentially sensitive data sources like patient schedules or financial records. While intended for validation, this ingestion path creates a surface for data exposure if not handled within a secure environment.
- [COMMAND_EXECUTION]: The skill contains a shell script (scripts/example.sh) and provides numerous examples of npm command execution for running validation tasks. These are standard actions for the defined purpose and do not show signs of malicious intent.
Audit Metadata