procedure-distillation
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill operates within a 'Mechanical Command Boundary', interacting exclusively with a system tool named 'ee' via JSON-formatted commands. This enforces a strict separation between the AI's authoring layer and the mechanical data operations, reducing the risk of unauthorized system mutations.
- [DATA_EXFILTRATION]: Comprehensive privacy and redaction rules are established. The skill explicitly forbids quoting credentials, private keys, or raw transcript content, and requires verification of redaction status before processing data.
- [PROMPT_INJECTION]: The skill includes specific 'Stop/Go Gates' to detect and quarantine content that resembles prompt injection. It instructs the agent to treat such content as data rather than instructions, mitigating potential subversion of the agent's behavior.
- [SAFE]: All artifacts are verified against content hashes (Blake3) before use, ensuring the integrity and provenance of the evidence being processed.
- [SAFE]: The project includes a validation script ('scripts/validate_procedure_distillation_skill.py') that performs static analysis on the skill's structure, required safety phrases, and E2E fixtures to ensure compliance with security and functional requirements.
Audit Metadata