procedure-distillation

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill operates within a 'Mechanical Command Boundary', interacting exclusively with a system tool named 'ee' via JSON-formatted commands. This enforces a strict separation between the AI's authoring layer and the mechanical data operations, reducing the risk of unauthorized system mutations.
  • [DATA_EXFILTRATION]: Comprehensive privacy and redaction rules are established. The skill explicitly forbids quoting credentials, private keys, or raw transcript content, and requires verification of redaction status before processing data.
  • [PROMPT_INJECTION]: The skill includes specific 'Stop/Go Gates' to detect and quarantine content that resembles prompt injection. It instructs the agent to treat such content as data rather than instructions, mitigating potential subversion of the agent's behavior.
  • [SAFE]: All artifacts are verified against content hashes (Blake3) before use, ensuring the integrity and provenance of the evidence being processed.
  • [SAFE]: The project includes a validation script ('scripts/validate_procedure_distillation_skill.py') that performs static analysis on the skill's structure, required safety phrases, and E2E fixtures to ensure compliance with security and functional requirements.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 06:43 PM
Security Audit — agent-trust-hub — procedure-distillation