csf-mapping
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a structural framework for cybersecurity assessment and does not contain any executable scripts, obfuscated payloads, or persistence mechanisms. All logic is instructional and focused on governance mapping.
- [SAFE]: All external references point to authoritative and well-known government and industry sources (NIST, ISO, CIS), which are used neutrally for documentation purposes and do not involve remote code execution or untrusted downloads.
- [SAFE]: The skill uses tools like Bash and WebSearch for legitimate administrative and research tasks related to cybersecurity framework mapping. It does not instruct the agent to perform sensitive file access or exfiltration of user credentials.
- [SAFE]: While the skill is designed to ingest data from other security tools (creating an indirect prompt injection surface), this behavior is a core requirement of its primary purpose. The risk is mitigated by instructions directing the agent to rely on formal evidence and specific output formats, with no automated execution paths for the ingested content.