tgravity-work-onboarding
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as an instructional framework and does not execute sensitive commands, perform network operations, or access restricted system files such as SSH keys or environment secrets.
- [DATA_EXPOSURE]: The skill scans the local file system (e.g.,
skills/tgravity-work-*/SKILL.md) to dynamically identify available tools for the tutorial. This is a legitimate discovery mechanism within the agent environment and does not involve exfiltration. - [INDIRECT_PROMPT_INJECTION]: While the skill reads metadata from other installed skills, it possesses no dangerous capabilities (like arbitrary code execution or network connectivity) that could be leveraged by a malicious skill to cause harm.
- [SAFE]: The instructions include explicit safeguards to prevent the accidental processing of sensitive business data within a tutorial context, requiring users to switch to production skills for real work.
Audit Metadata