stakeholder-insight-storyteller

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill demonstrates excellent security practices by including a contract test (tests/test_skill_contract.py) that actively scans its own files for hardcoded secrets, broken links, and placeholder tokens.
  • [COMMAND_EXECUTION]: The script scripts/quick_validate_skill.py uses subprocess.run to execute the skill's own contract test script. This execution is limited to local validation of the skill's structure and syntax during development or installation.
  • [PROMPT_INJECTION]: The skill includes adversarial prompt fixtures (e.g., tests/fixtures/adversarial.md) designed to test the agent's robustness. These fixtures simulate pressure to ignore warnings or provide false confidence, instructing the agent to refuse such overclaims as part of its 'adversarial forward testing' protocol.
  • [SAFE]: The use of the compile() function in tests/test_skill_contract.py is restricted to verifying the syntax of Python files within the skill folder and does not execute the code, serving as a static analysis check.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 09:30 AM
Security Audit — agent-trust-hub — stakeholder-insight-storyteller