tgw-profile

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious code, external dependencies, or obfuscation techniques were identified within the skill files.
  • [PROMPT_INJECTION]: The instructions explicitly constrain the agent to collect only necessary data and strictly forbid requesting sensitive information like IDs, phone numbers, or bank details, preventing misuse of the prompt context for data collection.
  • [DATA_EXFILTRATION]: All data is stored locally in the tgw-data/profile/ directory and is explicitly excluded from automated export processes via the tgw_asset: false configuration. No network activity or remote transmission mechanisms were detected.
  • [COMMAND_EXECUTION]: The skill interacts with the file system only to create or update the user's local profile card based on user-confirmed inputs. No arbitrary shell commands or privilege escalation patterns are present.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:26 AM
Security Audit — agent-trust-hub — tgw-profile