security-requirement-extraction
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The provided skill is informational and contains Python boilerplate code for security modeling. No malicious commands, obfuscation, or data exfiltration patterns were identified.
- [PROMPT_INJECTION]: The skill defines a surface for Indirect Prompt Injection (Category 8) as it interpolates untrusted threat descriptions into generated requirements using string formatting. However, because the skill has no system capabilities and generates output for documentation, the risk is negligible. * Ingestion points: RequirementExtractor processes ThreatInput data in SKILL.md. * Boundary markers: None. * Capability inventory: No system-level capabilities (network, file, or shell). * Sanitization: None.
Audit Metadata