offer-claims-registry
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill proactively addresses potential security risks by including explicit instructions for the agent to treat all pasted or exported materials as untrusted data rather than instructions. This prevents data-driven instruction overrides.
- [DATA_EXFILTRATION]: No evidence of unauthorized data transfer was detected. The skill is designed to operate locally on the user's project files within the
memory/claims/directory and explicitly states that no APIs are required for its operation. - [EXTERNAL_DOWNLOADS]: The skill references documentation and homepage links hosted on GitHub under the author's account (aaron-he-zhu). These are categorized as vendor-owned resources for the purpose of this analysis and represent standard documentation practices.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a data-ingestion surface (processing ad drafts, marketing copy, and documents). However, it mitigates this risk through high-integrity instructions that forbid the agent from allowing input data to influence its approval logic or metadata labeling. It maintains strict schema enforcement for all written records.
Audit Metadata