process-mapper
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious instructions or safety bypass attempts were detected. The skill includes a 'forcing-question library' which is a domain-specific conversational guide for process documentation.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No network access, hardcoded secrets, or exfiltration logic was found. The Python scripts strictly read user-provided JSON files and print results to the console.
- [OBFUSCATION]: No obfuscated code, encoded strings, or hidden content were identified across the 8 files. The logic is transparent and uses standard technical terminology.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute external code. The Python scripts (
bottleneck_detector.py,cycle_time_analyzer.py,process_documenter.py) are self-contained and use only standard library modules. - [PRIVILEGE_ESCALATION]: No commands for privilege escalation or unauthorized system modifications are present.
- [PERSISTENCE_MECHANISMS]: No logic for establishing persistent access or scheduled tasks was found.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied JSON data through deterministic scripts with field validation. While the scripts output Markdown for the LLM to read, they do not present an exploitable surface for dangerous operations as they lack side-effect capabilities like network or shell access.
- [DYNAMIC_EXECUTION]: No use of
eval(),exec(), or other dynamic code assembly and execution patterns.
Audit Metadata