afa-pr
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No patterns attempting to bypass safety filters or override agent instructions were found. The skill uses natural instructional language to guide PR workflows.
- [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or passwords were found. The skill correctly instructs users to provide their own contact and brand information within templates.
- [DATA_EXFILTRATION]: No evidence of unauthorized data transfer or sensitive file access was found. The skill references standard internal files like 'products.md' and 'voice-and-tone.md' for context.
- [OBFUSCATION]: No hidden characters, Base64 encoding of commands, or homoglyph substitutions were detected.
- [REMOTE_CODE_EXECUTION]: No remote script downloads, package installations, or dynamic code execution patterns were found. The skill relies on static templates and instructional logic.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external media mentions and user-supplied brand data, which is an inherent injection surface for PR tools. However, it mitigates risk by utilizing rigid diagnostic decision trees and standardized output templates.
Audit Metadata