system-interface-contracts
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill's instructions, metadata, or evaluation logic.
- [EXTERNAL_DOWNLOADS]: The skill references several industry-standard technical specifications and documentation sites including OpenAPI, AsyncAPI, CloudEvents, and IETF RFCs. All referenced domains are well-known technology standards organizations or official vendor documentation.
- [PROMPT_INJECTION]: Evaluated for indirect prompt injection risks. 1. Ingestion points: Contract definition files and tool results processed by the agent. 2. Boundary markers: The skill includes an 'Agent and Tool Contracts' section providing explicit warnings that tool results are data, not instructions. 3. Capability inventory: Access is limited to Read and Grep tools. 4. Sanitization: Instructions mandate strict validation of structured payloads and rejection of malformed inputs at trust boundaries.
- [DATA_EXFILTRATION]: No evidence of unauthorized data access or network exfiltration. The skill defines its scope around reasoning and contract design using restricted agent tools.
Audit Metadata