performing-post-quantum-cryptography-migration
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the execution of a local script
scripts/agent.pyand theopensslutility to perform cryptographic inventories and readiness tests. These operations are consistent with the skill's stated purpose. - [EXTERNAL_DOWNLOADS]: The instructions reference the
oqs-providerfrom the Open Quantum Safe project's GitHub repository. This is a recognized and reputable source within the cryptography community for post-quantum implementations. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of untrusted metadata from network targets. Ingestion points: Cryptographic metadata is collected from TLS endpoints and stored in
tls_inventory.json. Boundary markers: No delimiters or instructions are provided to ensure the agent ignores potentially malicious content within the inventory files. Capability inventory: The skill can execute local shell commands and manage system configurations usingagent.pyandopenssl. Sanitization: No sanitization of the retrieved network metadata is documented. - [NO_CODE]: The functional logic of the skill is contained in
scripts/agent.py, which was not included in the provided file set. The security assessment is based on the documented behavior inSKILL.md.
Audit Metadata