compliance-automation-specialist

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to automate evidence collection and audit preparation. Although no malicious commands are hardcoded, the agent's mandate to implement monitoring and response systems involves dynamic command generation.
  • [EXTERNAL_DOWNLOADS]: The WebFetch tool is enabled to support integrations with compliance platforms such as Vanta and Drata. This capability is used for legitimate automation but increases the network attack surface.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8).
      • Ingestion points: Processes data from security monitoring systems, audit logs, and external compliance APIs.
      • Boundary markers: The prompt does not define specific delimiters or instructions to prevent the agent from executing commands embedded in input data.
      • Capability inventory: Access to Bash, WebFetch, Write, and MultiEdit provides significant reach for an injected instruction.
      • Sanitization: There is no evidence of input validation or content filtering for the data ingested during automation workflows.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:37 AM