verification-before-completion
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill uses strong, authoritative language (e.g., "The Iron Law", "Non-negotiable") to define behavioral constraints. While this mimics some injection patterns, it is intended to ensure task accuracy and honesty within the agent's workflow rather than bypassing system safety filters or extracting sensitive instructions.
- [Data Exposure & Exfiltration] (SAFE): No evidence of sensitive file access, credential usage, or network requests was found. The skill operates entirely on the agent's internal logic and processing of its own task outputs.
- [Indirect Prompt Injection] (LOW): The skill identifies a surface where the agent must process untrusted data (such as output from other agents or tool results). While it does not implement technical sanitization or boundary markers, its primary purpose is to mitigate risks by mandating independent verification of that data before acceptance.
- [Remote Code Execution] (SAFE): There are no commands or instructions for downloading external packages, executing remote scripts, or performing any dynamic code execution.
Audit Metadata