commercial-skills
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions do not contain any malicious patterns or dangerous command execution logic.
- [NO_CODE]: This skill is entirely instructional and does not contain any scripts, binaries, or executable code.
- [PROMPT_INJECTION]: The skill provides an interface for processing external documents like RFPs and contracts, which presents a surface for indirect prompt injection.
- Ingestion points: Documents in the workspace such as RFPs and partner agreements are processed as defined in SKILL.md.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included.
- Capability inventory: The skill facilitates orchestration and routing between sub-skills without direct system-level execution or network access.
- Sanitization: There is no evidence of sanitization or validation of the ingested document content.
Audit Metadata