geo-tracking-plan

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration techniques were found. The skill is designed for legitimate business analysis of publicly available data.
  • [COMMAND_EXECUTION]: The skill utilizes a local Python script (scripts/render_geo_tracking_plan.py) to generate report files. The script is self-contained, uses only standard libraries, and includes input sanitization (such as slugify for filenames and html.escape/xml_escape for content) to prevent injection attacks and directory traversal.
  • [DATA_EXPOSURE]: The skill explicitly forbids the use of internal systems as dependencies and instructs the agent to maintain a clean environment free of private information, prioritizing publicly verifiable data.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests content from external websites, which is a potential vector for indirect prompt injection. It mitigates this risk by requiring strict evidence sourcing (tracking sources and distinguishing facts from inferences) and by sanitizing all external data before rendering it into reports.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 16, 2026, 12:06 PM