workleap-skill-safety-review
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative terminology such as 'REJECT' and 'FAIL' to establish a security boundary for its audit workflow. This is benign and aligned with its primary purpose as a safety validator.
- [DATA_EXPOSURE]: The provided checklist contains references to sensitive file paths (e.g., .ssh/id_rsa, .env) and API key patterns. These are used strictly for identifying vulnerabilities in external skills being audited and do not involve unauthorized access to the host environment's credentials.
- [EXTERNAL_DOWNLOADS]: The instructions describe fetching external content from GitHub and querying 'vett.sh' as part of the evaluation workflow. These are necessary operations for the skill's stated function and target reputable platforms.
- [SAFE]: The skill is authored by a recognized vendor and provides a robust, defensive framework for security reviews without any detected malicious patterns or exfiltration vectors.