event-sourcing
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): No attempts to override agent instructions or bypass safety filters were found. The 'FORBIDDEN' section in documentation correctly identifies software anti-patterns.
- Data Exposure & Exfiltration (SAFE): No hardcoded secrets, sensitive file paths, or network exfiltration patterns were identified.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill provides static code and does not download or execute remote scripts. It uses well-known libraries like Pydantic and SQLAlchemy.
- Indirect Prompt Injection (LOW): 1. Ingestion points: Event data enters the system through
load_from_historyinexamples/event-sourcing-examples.mdandscripts/event-store-template.py. 2. Boundary markers: Absent. 3. Capability inventory: No dangerous tools (network, shell, or file write) are invoked by the provided logic. 4. Sanitization: Absent. The risk is minimal as the skill is an architectural reference rather than a tool with active capabilities. - Dynamic Execution (LOW): Method dispatching via
getattrinexamples/event-sourcing-examples.mduses a controlled prefix ('on'), which is a standard and acceptable practice in this architectural context.
Audit Metadata