compliance-license-audit
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from dependency manifests and source code files, providing a potential surface for indirect prompt injection.
- Ingestion points: Scans various manifest files (package.json, requirements.txt, Cargo.toml, etc.) and repository source code.
- Boundary markers: Absent; the skill does not instruct the agent to distinguish between file content and instructions during the audit.
- Capability inventory: Utilizes Read and Grep tools and has file-write permissions for the /docs/compliance/ directory.
- Sanitization: No evidence of sanitization or escaping of file content before processing.
Audit Metadata