tgravity-work-onboarding

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill acts as an instructional framework and does not execute sensitive commands, perform network operations, or access restricted system files such as SSH keys or environment secrets.
  • [DATA_EXPOSURE]: The skill scans the local file system (e.g., skills/tgravity-work-*/SKILL.md) to dynamically identify available tools for the tutorial. This is a legitimate discovery mechanism within the agent environment and does not involve exfiltration.
  • [INDIRECT_PROMPT_INJECTION]: While the skill reads metadata from other installed skills, it possesses no dangerous capabilities (like arbitrary code execution or network connectivity) that could be leveraged by a malicious skill to cause harm.
  • [SAFE]: The instructions include explicit safeguards to prevent the accidental processing of sensitive business data within a tutorial context, requiring users to switch to production skills for real work.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 08:01 AM
Security Audit — agent-trust-hub — tgravity-work-onboarding