ai-work-governance
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill is purely instructional and provides governance patterns. It does not contain any executable scripts, binaries, or automated shell commands.
- [DATA_EXFILTRATION]: The skill includes a robust defensive mechanism for detecting and redacting sensitive data. It provides specific regex patterns to scrub emails, Social Security Numbers, credit card numbers, credentials (API keys, passwords), and database connection strings before filing work items, which mitigates the risk of accidental data exposure.
- [PROMPT_INJECTION]: The skill identifies and manages an 'Indirect Prompt Injection' surface where untrusted data from tickets or logs influences agent output.
- Ingestion points: Context is derived from external customer conversations, support tickets, and production logs (referenced in the 'Sensitive Data Scrub' section).
- Boundary markers: The skill employs a mandatory output schema gate that requires the agent to populate specific strategic fields, acting as a structural constraint on generation.
- Capability inventory: The agent is designed to autonomously create GitHub issues, tasks, and pull requests.
- Sanitization: The skill specifies a machine-enforced scrubbing process using regex to identify and redact sensitive identifiers and generalizes customer evidence into product capability gaps.
- [NO_CODE]: No code was found in this skill, as it consists entirely of documentation and logic patterns for governance.
Audit Metadata