managing-third-party-vendor-risk

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No attempts to override agent behavior or bypass safety guidelines were found in the instructional content.
  • [DATA_EXFILTRATION]: No network operations (curl, wget, etc.) or sensitive file path access (SSH keys, AWS credentials) are present. The skill operates entirely on local data provided by the user.
  • [REMOTE_CODE_EXECUTION]: The script scripts/process.py performs local JSON processing and scoring. It does not download external scripts or execute arbitrary code from untrusted sources.
  • [COMMAND_EXECUTION]: No dangerous shell commands, privilege escalation (sudo), or persistence mechanisms were detected.
  • [SAFE]: The skill implements standard security practices for risk assessment. The Python logic is transparent and uses only standard libraries (json, argparse, sys) to calculate scores from user-supplied vendor profiles.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 09:01 PM
Security Audit — agent-trust-hub — managing-third-party-vendor-risk