audit-book-writing-v1
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill does not contain any detected malicious patterns such as prompt injection, obfuscation, or persistence mechanisms. Its behavior is consistent with its stated purpose of assisting in audit book writing.
- [DATA_EXFILTRATION]: The skill includes instructions to interact with a local Zotero reference management instance via
curlonlocalhost:23119. This is a legitimate integration for academic and professional writing, and because it targets the local loopback address, it does not constitute exfiltration to a remote attacker. - [COMMAND_EXECUTION]: The skill utilizes standard tools such as
Bash,Grep, andWebFetch. The provided examples are limited to searching local markdown files and fetching data from official regulatory websites (e.g., CICPA, National Audit Office). These operations are scoped to the skill's research functions. - [INDIRECT_PROMPT_INJECTION]: The skill's workflow involves ingesting data from external web sources via
WebSearchandWebFetch. This presents a theoretical surface for indirect prompt injection if an attacker-controlled website contains malicious instructions. However, the skill provides extensive manual and automated verification guidelines (the 4-round review process andDATA_VERIFICATION.md) to mitigate the risk of incorporating untrusted or fabricated content.
Audit Metadata