sap-clean-core-atc
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a legitimate SAP auditing workflow. It utilizes SAP-specific tools (SAPRead, SAPContext, SAPDiagnose) to analyze code and relies on official SAP documentation for classification.
- [EXTERNAL_DOWNLOADS]: Retrieves machine-readable API release states from the official SAP organization repository on GitHub (SAP/abap-atc-cr-cv-s4hc). This reference is used for data-driven classification and is a trusted source.
- [PROMPT_INJECTION]: The skill analyzes external code provided by the SAP system, which constitutes an indirect prompt injection surface.
- Ingestion points: ABAP source code and metadata retrieved from the SAP system (SKILL.md).
- Boundary markers: Not explicitly defined in instructions to the agent.
- Capability inventory: Performs system reads (SAPRead), searches (SAPSearch), and diagnostics (SAPDiagnose) on the SAP environment (SKILL.md).
- Sanitization: Code is analyzed via regex and dependency tools but is not specifically sanitized against malicious instructions embedded in comments or strings.
Audit Metadata