brand-discovery

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill manages session state and interview outputs by reading and writing files to the local filesystem. It includes logic to validate that the 'outputPath' is an absolute path within the project directory and ensures that 'participant' filenames contain only alphanumeric characters and hyphens, which effectively prevents path traversal and arbitrary file access vulnerabilities.
  • [PROMPT_INJECTION]: The skill is designed for multi-session use and resumes progress by reading previously generated state and module files. While this creates an ingestion point for user-controlled data, the process is governed by a rigid instructional framework and does not exhibit patterns associated with bypassing safety filters or overriding system instructions.
  • [DATA_EXFILTRATION]: All data captured by the skill is stored locally on the user's disk. No network operations, such as external API requests or file uploads to remote servers, were detected.
  • [CREDENTIALS_UNSAFE]: The skill does not access sensitive system paths (like SSH keys or AWS credentials) or environment variables, and it contains no hardcoded secrets.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 15, 2026, 10:01 PM