usage-insights

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill's behavior matches its stated purpose of generating local code for usage statistics.
  • [DATA_EXFILTRATION]: The skill emphasizes on-device storage and processing. It includes explicit guidance in the Gotchas section advising the agent to never transmit usage data to external servers.
  • [PROMPT_INJECTION]: Indirect prompt injection surface analysis: (1) Ingestion points: User configuration gathered via AskUserQuestion in SKILL.md; (2) Boundary markers: Absent; (3) Capability inventory: File-system access and modification tools (Write, Edit, Bash) are enabled; (4) Sanitization: Input is limited to specific functional choices (e.g., period, style), resulting in a negligible risk profile.
  • [EXTERNAL_DOWNLOADS]: No remote resources, unpinned dependencies, or external scripts are fetched or executed. All code templates are provided locally within the skill package.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 05:18 PM
Security Audit — agent-trust-hub — usage-insights