food-label-review
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill files were scanned for malicious patterns including prompt injection, data exfiltration, and obfuscation. All references are static informational Markdown files used for compliance checking.\n- [COMMAND_EXECUTION]: The skill utilizes a Node.js script
scripts/generate_report.jsto process audit results into a Word document. This script is a legitimate vendor resource that performs local file system operations without external network interaction.\n- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user-submitted food labels, which represents an ingestion surface. \n - Ingestion points: User-provided food label text or images processed during the audit workflow in
SKILL.md.\n - Boundary markers: None explicitly defined in the prompt instructions to separate user content from system logic.\n
- Capability inventory: The agent can execute a local reporting script to create file output.\n
- Sanitization: No explicit sanitization of user-provided label text is performed before it is included in the generated report.
Audit Metadata