competition-supply-chain
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: No security issues detected. The skill provides framework-level guidance for security analysis without implementing any automated or dangerous actions.
- [NO_CODE]: The skill consists entirely of informational Markdown and YAML configuration files; there are no scripts, binaries, or automated command sequences.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials or instructions to access sensitive local files (e.g., SSH keys, AWS credentials) were found.
- [PROMPT_INJECTION]: While the skill involves analyzing external supply chain data, it lacks the execution capabilities (e.g., shell access, network calls) necessary to exploit indirect prompt injection.
  - Ingestion points: Analyzes lockfiles, build scripts, and manifests (SKILL.md).
  - Boundary markers: None mentioned.
  - Capability inventory: No dangerous tools or executable logic present in the skill files.
  - Sanitization: No input validation or sanitization specified for the data ingested during the workflow.
Audit Metadata