rfp-responder
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is composed of deterministic Python scripts using only the standard library. No malicious code, obfuscation, or persistence mechanisms were detected.\n- [COMMAND_EXECUTION]: The skill includes instructions for running its scripts via the command line. These commands are limited to local execution and do not involve dangerous parameters or privilege escalation.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external RFP documents.\n
- Ingestion points: Untrusted text is read by
scripts/rfp_parser.pyfrom files provided in the--inputargument.\n - Boundary markers: The data is parsed into structured JSON; no explicit boundary markers or 'ignore' instructions are added to the output content.\n
- Capability inventory: Across all scripts (
rfp_parser.py,response_drafter.py,winrate_predictor.py), there are no subprocess calls, no usage ofeval()orexec(), no file-writing outside of stdout redirection, and no network operations.\n - Sanitization: The skill relies on regular expressions for data extraction and standard JSON serialization, which provides inherent structural sanitization.
Audit Metadata