yao-kelly-skill
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Comprehensive analysis of the instructions, scripts, and metadata reveals no malicious patterns or safety violations.
- [DATA_EXFILTRATION]: The skill does not access sensitive local files (such as credentials, SSH keys, or environment variables) and does not perform network operations to send data externally.
- [REMOTE_CODE_EXECUTION]: All execution is performed by local, provided Python scripts. There are no patterns involving the download or execution of untrusted remote code.
- [COMMAND_EXECUTION]: Shell execution is limited to running the skill's own calculation and reporting scripts (
python3 scripts/...). No evidence of arbitrary command injection or unauthorized system-level operations was found. - [PROMPT_INJECTION]: The skill instructions do not contain attempts to override agent behavior, bypass safety filters, or extract system prompts.
- [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or other secrets were found in the codebase. Instructions correctly recommend local JSON files for data input.
- [EXTERNAL_DOWNLOADS]: The skill does not install external packages or fetch remote resources during operation.
Audit Metadata