saas-data-isolation-evidence-pack
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues or malicious patterns were identified. The skill follows best practices for its stated purpose, which is the generation of compliance documentation.
- [PROMPT_INJECTION]: The skill processes untrusted input from architectural specifications and risk assessment documents. This creates a surface for indirect prompt injection where instructions embedded in those documents could influence the resulting compliance report. However, the risk is negligible as the skill only performs structured reporting and does not possess high-risk execution capabilities.
- Ingestion points: Multi_Tenancy_Architecture_Spec.md, Compliance_Docs.md, Risk_Assessment.md, Test_Plan.md, and security test results.
- Boundary markers: None explicitly mentioned in the instructions to separate data from instructions.
- Capability inventory: The skill creates a report file (Data_Isolation_Evidence_Pack.md) and initializes placeholder files in an evidence directory.
- Sanitization: No sanitization or validation of the input document content is specified in the prompts.
Audit Metadata