managing-simulink-projects

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides instructions for utilizing standard MATLAB Project APIs to manage file registration, project paths, and labels without unauthorized system access.
  • [SAFE]: No hardcoded credentials, secret keys, or unexpected network operations were found in the skill instructions or reference files.
  • [SAFE]: The guidance regarding source control and caching correctly identifies best practices, such as the use of .gitignore to prevent tracking of derived or sensitive files.
  • [COMMAND_EXECUTION]: The skill utilizes the evaluate_matlab_code tool to execute project management commands, which is consistent with the primary purpose defined in manifest.yaml.
  • [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection related to the processing of project artifacts.
    • Ingestion points: User-provided or file-system-sourced strings used for file paths, category names, and labels in references/path-and-file-management.md and references/labels-and-automation.md.
    • Boundary markers: Absent; there are no instructions for using delimiters or boundary markers when interpolating project data into MATLAB commands.
    • Capability inventory: The agent possesses the evaluate_matlab_code tool for code execution and file system manipulation.
    • Sanitization: Absent; the instructions do not prompt the agent to sanitize or validate project strings before using them in API calls.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 30, 2026, 02:01 PM
Security Audit — agent-trust-hub — managing-simulink-projects