compliance-readiness

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE (findings: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes several internal Python scripts (framework_selector.py, cross_framework_mapper.py, evidence_pool_generator.py, and audit_simulator.py) located in the relative path ../../skills/compliance-os/scripts/. These executions are intended for processing compliance programs.
  • [PROMPT_INJECTION]: This skill has an indirect prompt injection surface because of the way it processes external data.
    • Ingestion points: Untrusted data enters the agent context via input files such as profile.json, program.json, and scope.json (referenced in SKILL.md).
    • Boundary markers: The instructions specify no delimiters and no safety warning telling the agent to ignore instructions embedded in the contents of the processed JSON files.
    • Capability inventory: The skill uses subprocess calls to execute multiple Python scripts (framework_selector.py, cross_framework_mapper.py, etc., per SKILL.md) that process the ingested files.
    • Sanitization: There is no evidence that the external JSON content is validated, escaped, or filtered before it is interpolated into script arguments or processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 12:43 AM
Security Audit — agent-trust-hub — compliance-readiness