Skills
skills/alirezarezvani/claude-skills/soc2-audit-prep/Gen Agent Trust Hub

soc2-audit-prep

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts to analyze audit data and build control matrices. The scripts (gap_analyzer.py, control_matrix_builder.py, evidence_tracker.py, audit_simulator.py, and cross_framework_mapper.py) are referenced via relative paths within the vendor's repository structure.
  • [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by processing external data files (current_state.json, program.json, evidence_log.json, and soc2_scope.json).
  • Ingestion points: JSON data files listed in the workflow (SKILL.md).
  • Boundary markers: None identified.
  • Capability inventory: Shell execution of local Python scripts (SKILL.md).
  • Sanitization: None identified.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 04:04 PM
Security Audit — agent-trust-hub — soc2-audit-prep