gadd-decompose
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or security vulnerabilities were detected. The skill performs intended project management tasks within a structured framework.
- [DATA_EXFILTRATION]: The skill communicates with external APIs (specifically GitHub) to create and manage sub-issues. This is the primary intended function of the skill and is mitigated by explicit requirements for human confirmation before any external mutation is performed. No unauthorized data exfiltration patterns were observed.
- [COMMAND_EXECUTION]: The instructions describe logical workflow steps for an agent to follow. There are no attempts to execute arbitrary shell commands or perform unauthorized system modifications.
- [PROMPT_INJECTION]: The skill contains strict quality gates and conditional logic to ensure prerequisites (like plan approval) are met. It does not contain instructions to bypass safety guidelines, reveal system prompts, or override agent constraints.
- [REMOTE_CODE_EXECUTION]: The skill does not download, install, or execute external code, scripts, or packages.