kr-gov-grant
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were detected. The skill follows standard functional patterns for a document preparation and search assistant.
- [EXTERNAL_DOWNLOADS]: The skill fetches current grant announcement data from official South Korean government and public institution domains, including k-startup.go.kr, bizinfo.go.kr, iris.go.kr, and nrf.re.kr. These are well-known, trusted administrative sources.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes external web search results and user-provided application drafts. However, this is inherent to its primary purpose of grant analysis. 1. Ingestion points: Web search result snippets and user-uploaded text for document review. 2. Boundary markers: Absent. 3. Capability inventory: Performs web searches and triggers file-writing tools (docx, hwpx, xlsx). 4. Sanitization: None explicitly defined. Given the professional use case and the nature of the data, this is categorized as a low-risk surface.
- [COMMAND_EXECUTION]: The skill utilizes vendor-specific tools from the modu-ai ecosystem (e.g., moai-office:hwpx-writer) for document generation. These are recognized as legitimate vendor resources and do not represent unauthorized command execution.
Audit Metadata