20-brief-client-intake
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No attempts to override system instructions, bypass safety filters, or extract underlying system prompts were identified. The instructions focus purely on industry detection and template rendering.
- [DATA_EXFILTRATION]: No unauthorized network operations, hardcoded credentials, or access to sensitive file paths (such as .ssh, .aws, or .env) were found. The skill operates by generating local Markdown files based on provided templates.
- [COMMAND_EXECUTION]: The skill does not contain any instructions to execute shell commands, install third-party packages, or modify system configurations. It lacks dangerous keywords like 'sudo', 'eval', 'exec', or shell-piped downloads.
- [OBFUSCATION]: A scan for Base64 encoding, zero-width characters, homoglyphs, and other evasion techniques yielded no results. All content is in plain-text Markdown.
- [INDIRECT_PROMPT_INJECTION]: While the skill ingests user input regarding industry and client size, it lacks the exploitable capabilities (like network access or code execution) required for a significant indirect injection attack surface.
- [DYNAMIC_CONTEXT_INJECTION]: No use of the '!command' syntax or other silent execution patterns was found in the SKILL.md or associated files.
Audit Metadata