stakeholder-insight-storyteller
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill demonstrates excellent security practices by including a contract test (
tests/test_skill_contract.py) that actively scans its own files for hardcoded secrets, broken links, and placeholder tokens. - [COMMAND_EXECUTION]: The script
scripts/quick_validate_skill.pyusessubprocess.runto execute the skill's own contract test script. This execution is limited to local validation of the skill's structure and syntax during development or installation. - [PROMPT_INJECTION]: The skill includes adversarial prompt fixtures (e.g.,
tests/fixtures/adversarial.md) designed to test the agent's robustness. These fixtures simulate pressure to ignore warnings or provide false confidence, instructing the agent to refuse such overclaims as part of its 'adversarial forward testing' protocol. - [SAFE]: The use of the
compile()function intests/test_skill_contract.pyis restricted to verifying the syntax of Python files within the skill folder and does not execute the code, serving as a static analysis check.
Audit Metadata