tech-selection-research
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local Python script (
scripts/build_decision_matrix.py) to process decision matrices. The script is included with the skill and uses standard libraries (json,sys,pathlib) to perform mathematical calculations on input data. It does not execute shell commands or interact with the network. - [EXTERNAL_DOWNLOADS]: The skill performs technology research via the
WebSearchandWebFetchtools to gather information from documentation and engineering blogs. This is the primary intended function of the skill and does not involve downloading or executing untrusted code or binaries. - [PROMPT_INJECTION]: The skill ingests data from external websites during research, creating a surface for potential indirect prompt injection. However, the skill defines a rigid evaluation framework with specific dimensions (e.g., business fit, architecture fit) and structured output templates that help constrain the agent's processing. No malicious injection patterns or safety bypass instructions were found within the skill itself.
Audit Metadata