managing-third-party-vendor-risk
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No attempts to override agent behavior or bypass safety guidelines were found in the instructional content.
- [DATA_EXFILTRATION]: No network operations (curl, wget, etc.) or sensitive file path access (SSH keys, AWS credentials) are present. The skill operates entirely on local data provided by the user.
- [REMOTE_CODE_EXECUTION]: The script
scripts/process.pyperforms local JSON processing and scoring. It does not download external scripts or execute arbitrary code from untrusted sources. - [COMMAND_EXECUTION]: No dangerous shell commands, privilege escalation (sudo), or persistence mechanisms were detected.
- [SAFE]: The skill implements standard security practices for risk assessment. The Python logic is transparent and uses only standard libraries (
json,argparse,sys) to calculate scores from user-supplied vendor profiles.
Audit Metadata