tgw-mcn-collaboration
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local Python script (
scripts/render_mcn_asset.py) to create standardized record skeletons. The script is bundled with the skill and employs defensive programming practices, such as validating output paths to prevent writing into the skill package and using atomic file operations. Input values are sanitized using JSON-encoding before being placed into YAML frontmatter to prevent structural injection. - [DATA_EXFILTRATION]: The skill handles sensitive business data (pricing, contracts, contact details). It incorporates explicit safety rules in
references/privacy-boundary.mdandreferences/asset-contract.mdto distinguish between internal and public data, ensuring sensitive fields remain internal. No unauthorized network activity or data transfer mechanisms were found. - [EXTERNAL_DOWNLOADS]: The skill relies solely on internal scripts and references. There are no external dependencies, remote script downloads, or third-party package installations.
- [PROMPT_INJECTION]: The instructions follow a professional, task-oriented structure without any attempts to bypass safety filters or override system-level constraints. The workflow is focused on factual data extraction and documentation.
Audit Metadata