performing-post-quantum-cryptography-migration

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the execution of a local script scripts/agent.py and the openssl utility to perform cryptographic inventories and readiness tests. These operations are consistent with the skill's stated purpose.
  • [EXTERNAL_DOWNLOADS]: The instructions reference the oqs-provider from the Open Quantum Safe project's GitHub repository. This is a recognized and reputable source within the cryptography community for post-quantum implementations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of untrusted metadata from network targets. Ingestion points: Cryptographic metadata is collected from TLS endpoints and stored in tls_inventory.json. Boundary markers: No delimiters or instructions are provided to ensure the agent ignores potentially malicious content within the inventory files. Capability inventory: The skill can execute local shell commands and manage system configurations using agent.py and openssl. Sanitization: No sanitization of the retrieved network metadata is documented.
  • [NO_CODE]: The functional logic of the skill is contained in scripts/agent.py, which was not included in the provided file set. The security assessment is based on the documented behavior in SKILL.md.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 09:02 AM
Security Audit — agent-trust-hub — performing-post-quantum-cryptography-migration