gleap-responder
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were detected in the skill instructions or workflow.
- [SAFE]: Data Ingestion Security: The skill acknowledges that data from external support tickets is untrusted and provides explicit instructions to ignore any embedded commands or prompts.
- [SAFE]: Human-in-the-loop Verification: The workflow requires a mandatory user approval step ("Present for review") before the agent can execute the MCP tool to post a note, preventing autonomous data exfiltration or unintended message posting.
- [SAFE]: Input Validation: The skill includes strict regex validation (/^[0-9a-f]{24}$/i) for the ticket identifier to prevent injection or malformed data usage.
- [SAFE]: Least Privilege: The skill relies on an MCP server for authentication, avoiding the need for hardcoded API keys or environment variable access by the agent.
Audit Metadata