quantitative-physiology
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found attempting to override agent behavior or safety guidelines. The skill body is purely technical and focused on mathematical modeling.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file access, or network operations detected. The scripts do not use `curl`, `requests`, or any other networking libraries.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No external downloads or execution of remote scripts. Python dependencies are limited to standard libraries and `numpy`.
- Persistence & Privilege Escalation (SAFE): No mechanisms for maintaining access, modifying system files, or escalating privileges (e.g., no `sudo` or shell profile modifications).
- Dynamic Execution (SAFE): The lazy-loading mechanism in `scripts/__init__.py` uses `importlib` with a hardcoded whitelist of internal submodules (`_SUBMODULES`). This is a standard performance optimization and does not process user-controlled strings.
- Indirect Prompt Injection (SAFE): While the skill ingests numerical data from the user to perform calculations, it lacks the capabilities (shell, network, file writes) required to exploit an injection. All outputs are numerical or descriptive text based on textbook formulas.