Skills
skills/ortus-boxlang/skills/boxlang-interceptors/Gen Agent Trust Hub

boxlang-interceptors

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No evidence of prompt injection, role-play bypasses, or instructions to ignore safety guidelines was found.
  • [DATA_EXFILTRATION]: The skill does not access sensitive files or environment variables. It references getSetting( 'JWT_SECRET' ) as a code example, which is a standard and safe practice for configuration management within the BoxLang framework.
  • [REMOTE_CODE_EXECUTION]: No patterns of remote code execution or unverified third-party package installations were detected. All code examples are local to the BoxLang environment.
  • [COMMAND_EXECUTION]: The skill does not execute shell commands or interact with the operating system's command line.
  • [OBFUSCATION]: No obfuscated URLs, encoded strings, or hidden characters were identified in the provided file.
  • [INDIRECT_PROMPT_INJECTION]: While the skill defines how to process data via interceptors (an attack surface for indirect injection), the documentation follows best practices by including examples of data sanitization (e.g., using htmlEditFormat).
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 03:48 PM