don-proxy
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, unauthorized network access, or credential harvesting detected in the instructions or metadata.
- [PROMPT_INJECTION]: The skill acts as a decision authority that processes artifacts from various workflow phases, which represents a surface for indirect prompt injection from processed data.
- Ingestion points: Reviews Dossiers, Consensus documents, Contracts, Plans, and Worker deliverables (SKILL.md).
- Boundary markers: Explicitly requires validation against
skills/omerta/SKILL.md(Omerta laws) anddocs/gangsta/constitution.md(Project Constitution), instructing the agent to reject artifacts that violate these boundaries. - Capability inventory: Issues SIGN/APPROVE/REJECT verdicts that control the flow of the
gangsta:heistprocess; all actions are marked as provisional (pending-don-confirmation) and require a final human-triggered command (/gangsta:go) to execute. - Sanitization: Relies on rule-based validation against local authoritative documents to detect and reject non-compliant or malicious content in reviewed artifacts.
Audit Metadata