bie-component-ontologist

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill is instructed to read local component source code during its 'Review Mode'. This access is necessary for its stated purpose of validating implementation completeness and identifying registration gaps. No patterns of unauthorized exfiltration or credential harvesting were detected.
  • [EXTERNAL_DOWNLOADS]: The skill fetches technical documentation from Confluence using the getConfluencePage tool and a specific Cloud ID (c62e56c2-b224-4d4e-a859-afa7de01241e). As Confluence is a well-known service and the fetch is used to retrieve architectural guidelines for the task, this is considered a safe reference to a known service.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from local code and external documentation.
    • Ingestion points: Confluence architecture pages and local component source code files.
    • Boundary markers: Absent. There are no explicit delimiters or instructions to ignore embedded commands in the reviewed files.
    • Capability inventory: The agent performs gap analysis, identifies identity dependencies, and generates design deliverables. It possesses file system read capabilities.
    • Sanitization: Absent. The skill does not implement specific validation or filtering for the content it reads. Note: This surface is inherent to the skill's purpose as a code and documentation reviewer.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 12:41 PM