speckle-syntax-automate

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were detected. The skill follows security best practices for the Speckle Automate platform.
  • [PROMPT_INJECTION]: The instructions do not contain any patterns attempting to override agent behavior, bypass safety filters, or extract system prompts.
  • [DATA_EXFILTRATION]: No unauthorized data access or exfiltration patterns were found. The skill explicitly instructs developers to use SecretStr (Python) and [Secret] attributes (C#) to protect sensitive information like API keys from appearing in logs or user interfaces.
  • [EXTERNAL_DOWNLOADS]: References to external resources and SDKs (e.g., specklepy, Speckle.Automate.Sdk) are directed toward official Speckle Systems repositories and documentation, which are well-known and trusted sources within the AEC industry.
  • [COMMAND_EXECUTION]: There are no dangerous shell commands or arbitrary code execution patterns. The instructions focus on structured function development within the Speckle SDK environment.
  • [INDIRECT_PROMPT_INJECTION]: While the skill describes processing external data (Speckle model versions), it provides guidelines for safe data traversal (flattening) and reporting, minimizing the risk of instructions embedded in data being misinterpreted as commands.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 08:35 PM
Security Audit — agent-trust-hub — speckle-syntax-automate