skills/mukul975/anthropic-cybersecurity-skills/conducting-cyber-risk-assessment-with-nist-800-30/Gen Agent Trust Hub
conducting-cyber-risk-assessment-with-nist-800-30
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests and processes untrusted data from external JSON files to generate Markdown reports.
- Ingestion points: The
scripts/process.pyscript reads risk data from a user-provided file via the--inputCLI argument. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the contents of the generated report as potentially untrusted data.
- Capability inventory: The capabilities are highly restricted; the script only performs string formatting and basic arithmetic, with no access to network tools, shell execution, or arbitrary file system write capabilities.
- Sanitization: Input values from the JSON data are not sanitized before being rendered into the final Markdown table.
Audit Metadata